I'm inheriting a massive vulnerability debt and taking on a vulnerability management position with very little experience. Piss and poo poo. Here we go.
# Sep 16, 2023 04:49
|
# May 2, 2024 11:48
|
This cuts deep, op.
# Sep 16, 2023 12:31
|
> Wibla posted: I had no meetings today

I've got 22. I'll attend 5.
# Sep 20, 2023 15:34
|
Can anybody recommend some decent resources for getting up to speed with the CISSP? There's so much noise for this cert, I'm not sure what is going to be most effective. Free is best until I can sucker work into paying.
# Sep 21, 2023 22:17
|
> AlternateAccount posted: Most comprehensive is still prolly https://www.sunflower-cissp.com

I'll take a peek. Thank you!
# Sep 22, 2023 02:36
|
Guy training me wants me to help him train 30k users on using a password manager. I'm not sure that's gonna happen.
# Sep 28, 2023 03:14
|
I'm new to the space, but that seems to be the concern with our infra teams per our discussions. Red Team starts from "compromised device within the firewall" and suddenly they're finding lots of stuff! I, too, am a master thief when invited in and with the house unlocked.
# Oct 14, 2023 15:08
|
Totally understood, I wasn't stating that there should only be one layer. These are complaints from my infra guys when they're getting raked over the coals for Red Team findings. I'm the schlub that has to make the argument now that these findings are of paramount importance, despite the risk assessment completely ignoring the fact that we weren't breached. I guess I was just venting.
# Oct 14, 2023 16:44
|
> Sickening posted: The culture you build in security should be to embrace findings with positivity. Having a green scorecard is the goal but is far more likely a symptom of your company having blind spots.

This is my mid term goal. Short term is figuring out where someone is hiding all the findings and the toys, and get my house in order. Medium term is turning some insular groups into an integrated service.

> JehovahsWetness posted: We get that security requests can really gently caress up a roadmap and we pitch in as much as we can so sec doesn't get seen as the bad guys. (We stress that we're an engineering org and are part of product development / corp infra IT and we're here to help.)

Exactly my goal. It's complicated by the fact that this is a place quilted together by M&A.

Cannon_Fodder fucked around with this message at 21:15 on Oct 14, 2023

# Oct 14, 2023 21:12
|
> PalaNIN posted: Apparently a 0-day exploit going around for the Signal messaging app, related to the data within message previews:

What's the usual disclosure path for these things? Rumor on twitter/mastodon -> https://www.zero-day.cz/database/?s...ORS%5D%5B%5D=16 -> ?
# Oct 15, 2023 13:53
|
Hint to vendors, if you're in a call with your client and they've pulled in cyber security and legal, don't try to justify why things are not really technically a vulnerability. I'm amazed by the balls on some of these people. Just fix your poo poo, guy.
# Nov 4, 2023 21:54
|
Any of you dorks at QSC'23?
# Nov 7, 2023 17:02
|
I prefer e-privateer, personally.
# Nov 11, 2023 16:48
|
Yeah, that certainly strikes a note. Are there any good RSS feeds for emergent vulnerabilities? I made the mistake of asking our SOC folks about some of the stuff mentioned in this thread over the last few weeks and now they think I'm in the "know". Might as well ask around for them.
# Nov 16, 2023 04:43
|
Thanks guys/gals. Coming from app Security on an ERP, the greater VM world is pretty vast and overwhelming. I appreciate the resources.
# Nov 16, 2023 21:36
|
The sobriety patch is stuck in QA approvals; this will have to wait until after the holiday.
# Nov 22, 2023 17:26
|
> Arivia posted: This is why I rearchitected on Linux with GNU Cloaca.

Everything is a mess and it all just gets stuck together but there's only one big hole now to worry about.
# Dec 21, 2023 05:00
|
I just got told I need to be in the office at least 2 days a week. I asked my boss who was going to check. Nobody. Congrats to me on continuing to be full time remote.
# Jan 13, 2024 22:57
|
1Password has been set up, based on thread recommendation. For anyone not already onboard, if you're coming from a browser, you can mass import your saved passwords from there. Then the little Watchtower feature yells at you because you're a lazy dick and deserve it.
# Feb 23, 2024 19:58
|
> Sickening posted: Nobody wants to work in compliance. It's often a place of exile.

I feel seen.
# Mar 2, 2024 20:43
|
1Password rules, thank you for the suggestions.
# Mar 28, 2024 04:16
|
I would love to know what a cyber attack triage specialist consultant costs because I'm sure these guys are making stupid money.
# Apr 3, 2024 23:21
|
> post hole digger posted: You need to apply strategic defenses to your perimeter to maximize your security ROI and strengthen your overall security posture in alignment with NIST 800-53 best practices. Do you have XDR? SOAR? CSPM? CNAPP? MDR? ZTNA? Let me set up a few calls with vendors. I won't be able to attend due to scheduling conflicts but these guys are great, you're in good hands. That will be $95,000.

An hour, I presume. I mean the hands-on-keyboard "unfuck your poo poo" mercenaries that Batman in during an ongoing security event.
# Apr 4, 2024 04:49
|
Apparently Stuxnet 2: Electric Boogaloo is now being leveraged against Russian targets by Ukraine and called Fuxnet. How long till that starts getting recycled?
# Apr 17, 2024 02:44
|
> Wibla posted: Do you have a link to more info about this?

https://www.securityweek.com/destructive-ics-malware-fuxnet-used-by-ukraine-against-russian-infrastructure/
# Apr 17, 2024 21:52
|
Who's Amir?
# Apr 18, 2024 23:01
|
|
> rafikki posted: Sounds like things are getting bad out there with the Palo exploit.

RIP to all the IR teams.
# Apr 19, 2024 04:30