biptoot
@biptoot@lemmy.today
- Comment on Mentorship Monday - Discussions for career and learning! 5 weeks ago:
No questions, but am in the final stages at two orgs for a CISO position. I’ve been offered a few, and turned them down (in office or low salary compared to responsibilities) but these last two are feeling just about right. I’m in that mix of anxious / unknown / hope, and enjoying it.
For all who are also applying/interviewing, may your interviews go well <3
- Comment on quantitative analysis tools 5 weeks ago:
And I do keep bumping into Excel models for sale, or Excel add-ins. There’s quite a few quants that’ll do custom models for your scenarios for my price range, too - lookin’ at you, cyberriskmodels.com and your $1200 Custom Models & Dashboards.
I’m more interested in the models and their uses than the buying of a new software. I have fixed scenarios where decisions need to be made, and just a little guidance on ‘use this kind of model (or template excel sheet) for evaluating a new mobile app for a business unit, and this other kind for evaluating the risk of patching production workload servers outside of business hours during the busy season’ would be great.
But yeah, the more I look the more I think it’s not COTS. It’s going to be buying hours with a quant and building models for our standard risk assessments. Which is fine, just good to know I 'spose.
- Comment on quantitative analysis tools 5 weeks ago:
Appreciate the reply. I do use RMFs, but I’m looking for specific analysis tools. For a given threat - data breach from a significant software update adding features - to model that risk quantitatively. I’ll continue looking, but hoping to hear from someone on what they’ve used. I’ll be sure to come back and share what I find as well.
- Submitted 5 weeks ago to cybersecurity@infosec.pub | 4 comments
- Comment on what exercises work for you to avoid back pain? 2 months ago:
Yoga, for sure. I used to think it was just women stretching. Now I know it’s for everyone, and it’s more about strength than stretching. There are muscles that get worked in yoga that I have never known were there through mainstream weight lifting and strength training. Specifically my core and lower back. It’s made a difference, although it took about a year for me.
- Comment on Indie Game Roundup (Dec. 20, 2024) 3 months ago:
These all look amazing. I friggin love the creativity of the indie game community
- Comment on Mentorship Monday - Discussions for career and learning! 8 months ago:
Derp, thanks for the prompt. I’d like to move to a position for more income. Government or private. Currently at $127k / yr.
- Comment on Mentorship Monday - Discussions for career and learning! 9 months ago:
Looking for cert guidance!
I’m a late-40’s life-long IT guy, working as a cybersecurity architect / deputy CISO for a state govt agency the last few years. I have my CISSP and bachelor’s in IT mgmt from WGU.
I have access to free Microsoft classes & cert tests through my employer. Thinking about going back and getting some certs. Does it make sense to do the security certs in order?
SC-900, SC-100-200-300-400, AZ 500
Or am I overthinking it and I should just jump in and try a test to see how I do?
- Comment on What are You Working on Wednesday (Thursday Edition) 9 months ago:
Also off work today, so it’s pet-project time: I have some scripts that collect local housing rental prices. I’ve been collecting this information in a SQLite db using Python webscraping libraries, so I can chart the effects of gentrification and homelessness in my (small, rural) community.
- Comment on Mentorship Monday - Discussions for career and learning! 10 months ago:
Thanks for doing these. We’re here, this community is growing, and your encouragement and nudging is good 😀
- Comment on 10 months ago:
Nice!
- Comment on Mentorship Monday - Discussions for career and learning! 10 months ago:
I could use a resume review.
I’m a security architect in the public sector, state government. I started as an entry level sysadmin around 2000. I’m being strongly encouraged to apply for the CISO position here. I’m 46, and currently lead a team of 3.
Every time I apply for the private sector, including lower level jobs, it’s crickets. If I apply for govt work, I get people banging on my door.
How do I get a resume review, or someone to point out what I need to make the jump from govt to private sector?
- Comment on What are You Working on Wednesday 10 months ago:
Always love these kinds of questions, and love how you are working to build this community.
I work for a government agency as a deputy CISO, and I’m putting together a decision package for legislature to request new staff. I’m looking for five new members of my team, which would slightly double our size. It’s a very long process, which involves a lot of capacity planning, reading strategic plans and tying it to things other people have talked about, demonstrating work bottlenecks through metrics from our SOC, and leveraging relationships and capital goodwill that I’ve built over the last couple years.
Cross your fingers for me.
- Comment on That's a lot of corned beef... 11 months ago:
This happens to a lot of bands
- Comment on Mentorship Monday - Discussions for career and learning! 11 months ago:
t every company should have? Is there even a frame
I was the lone security person there for a bit. Now there’s 4 of us. I broke it down into two risks:
  - service / system outage
  - data breach / loss
The way I approached shoring up defenses was with specific activities each week:
  - vulnerability remediation
  - audit & compliance
  - incident response
  - governance & policy
  - security awareness program
It might help to think of things in a maturity model. Putting in a SIEM is a big job, and maybe more appropriate for when the security program at your org has matured more. What you can do is spend time working on the other stuff - what’s your endpoint protection? What compliance requirements do you have? How’s your inventory & asset management? What’s policy look like? Do your AD accounts all make sense? What’s the password policy? Do you have any old service accounts?
Picking little stuff allows you to make progress, and gets you ready to move to the bigger things. A mentor once told me to use a checklist (for life in general, but applies to cyber):
  1. Did they ask you for help
  2. Do you have it to give
  3. Have you done enough for now
Good luck!
- Submitted 11 months ago to [deleted] | 23 comments