
shellsharks

@shellsharks@infosec.pub

Infosec researcher | writes @ shellsharks.com

Mastodon: @shellsharks


shellsharks OP ,

Don’t know if this counts for what you were looking for but bluetooth headphones are a game changer for me. Cleaning around the house, at the gym, on a run, etc… Very freeing compared to having the wire running into my pocket.

shellsharks OP ,
  • Security+ typically puts you on the map
  • CISSP is usually Sec+ level-up
  • Relevant (to the job you’re applying to) SANS course (expensive)
  • OSCP (for pentesting)
  • Any AWS cert is good if you’re applying to cloud roles

But really, certs don’t move the needle the way they once did imo. You may be better off documenting your experience on a website rather than just having letters. This has at least been my perspective (and I have a TON of certs so I wish they were worth more)

shellsharks OP ,

Pretty much everyone recommends this www.professormesser.com

shellsharks OP ,

Almost certainly (though not impossible). Seriously doubt they went any deeper, i.e. rootkit, UEFI firmware / BIOS compromise, etc… There are likely files (pictures, documents) that your neighbor would not want to lose on their machine though so you should figure out how to get those off first.

shellsharks OP ,

@stevedidwhat_infosec dropped some great resources. I also typically direct people to this resource I wrote a few years back in terms of “getting into infosec” shellsharks.com/getting-into-information-security.

shellsharks OP ,

Had not heard of this. Got some reading to do 👍

shellsharks OP ,

Good luck getting those new resources/headcount!

shellsharks OP ,

CIS Critical Security Controls and/or NIST CSF as frameworks to help put you in the right mindset. But so much of what you should do first depends on some variables imo.

  • What is your budget?
  • What already exists security-wise at your company?
  • What level of executive support do you have? Can you enact real change?
  • What is most important to the company? i.e. "Crown Jewels"
  • What does the network/infrastructure/endpoint environment look like?

Once you answer these questions then you can get a better idea of where to spend the limited time/money you have. The CSC will likely tell you to tap into an inventory and do some form of Vulnerability Management. This is a decent idea as you need to know what you are trying to protect and also catch low-hanging fruit via vuln scanning. Instrumenting endpoints (EDR) or gaining visibility into your infra is also important but which do you pick first? CrowdStrike is awesome but expensive. No one solution is a silver bullet.

Have a plan, create a reasonable roadmap, figure out your company’s risk threshold, ask for more resources depending on what level of risk they’re willing to accept and how quickly they want things implemented.

shellsharks OP ,

Another part of my Lemmy <–> Mastodon experimentation. The Fediverse is cool but it is also a little confusing 😅

shellsharks OP ,

Oh cool. I’ve been thinking of getting one too. But I already have too many projects and too much work and not enough time 😩 (not that that’s ever stopped me from buying stuff before…). Where do you write?

shellsharks OP ,

I haven’t been looking so I can’t speak with first-hand xp. From others’ accounts on socials it seems like it’s kinda rough but everyone has different experiences. Good to hear some potentially optimistic news for a change though so I’ll take it.
