sirblastalot
@sirblastalot@ttrpg.network
- Comment on N00b wanting to get into this field - NL Cybersecurity 1 week ago:
Depending on your field, your business may already have a cybersecurity department. There’s an endless parade of thankless grunt work to be done like patching (often after hours), following up with users whose machines didn’t patch for whatever reason, and so on. (With your manager’s permission) you may be able to reach out to them and volunteer to help with some of those tasks, as a way to dip a toe into that world and start learning.
- Comment on What are You Working on Wednesday 1 week ago:
Spent some time looking for ideas on how to do a security training (compliance requirement) that didn’t suck. Cribbing from some reddit posts, I think I’m going to give everyone a notecard with something like “Is Bob Bobson a client here”, have them pair up, and do a little phone conversation roleplay where one person is a visher trying to trick the other into revealing the piece of information, while the other person gets practice saying “No.” Seemed like a good way to let the staff dip a toe into thinking like an attacker.
- Comment on Password managers less secure than promised 1 week ago:
Yeah to be clear, I do not recommend my method and I don’t think it’s a good allocation of mental resources. I’m just stubborn :P
- Comment on Password managers less secure than promised 1 week ago:
FWIW, I use Diceware for password generation; it’s good at making memorable yet still random passphrases.
- Comment on Password managers less secure than promised 1 week ago:
The prospect of putting all my passwords in one big juicy target has always made me nervous. I go to great lengths to just memorize everything, but damn if it doesn’t take a toll.
- Comment on Why We Abandoned Matrix: The Dark Truth About User Security and Safety 1 month ago:
“Matrix” is a pretty difficult-to-search name. What is it? Federated IRC?
- Comment on Off-Topic Friday 2 months ago:
Pretty normal for us over here
- Comment on What are You Working on Wednesday 2 months ago:
Had to invoke our Data Transmission policy’s AI clause for the first time
- Comment on What are You Working on Wednesday 3 months ago:
Well, no one else comments in these threads, might as well.
- Comment on Study concludes cybersecurity training doesn’t work 3 months ago:
Every email client I can think of off the top of my head blocks images by default. And I don’t see how that relates to your criticism of the whole idea of anti-phishing training.
- Comment on Study concludes cybersecurity training doesn’t work 3 months ago:
Clicking the link hypothetically confirms to the spammer that yours is a valid and monitored email address, and that you’re a sucker suitable for more targeted phishing.
Of course, it seems like every random user will also happily type their password into any text box that asks for it, too.
- Comment on Study concludes cybersecurity training doesn’t work 3 months ago:
One time I failed a phishing test because I did a message trace and confirmed that it originated from our own internal servers.
- Comment on What are You Working on Wednesday 4 months ago:
Nuthin, furloughed.
- Comment on What are You Working on Wednesday 4 months ago:
Inventory management. Can’t secure what you can’t see, etc.
- Comment on 👣👣👣 1 year ago:
That strikes me as highly reflective of Google’s position of power; from the employer’s perspective, the point where the diminishing returns are no longer worth it is related to the point where they’re losing too many applicants from interview exhaustion. If you’re not Google, not offering the kind of pay and such that Google does, your break-even point is likely much sooner.
Additionally, from the worker’s perspective, the only-3-interviews rule is an assertion of our power. And, as an added plus, if enough people adhere to it, it will shift that break-even point even for places like Google, and resist the shifting of that burden onto unpaid workers.
- Comment on 👣👣👣 1 year ago:
The question that raises from a process improvement perspective then is “were the first 3 rounds really effective tests?” Perhaps a better solution is not more interviews, but more focused interviews conducted by the people that actually have the knowledge and power to make the decision. (And if the knowledge and the power are divided among multiple people, another great improvement would be empowering the people with the knowledge.)
- Comment on 👣👣👣 1 year ago:
Yeah, it saves you money…by costing the prospective employee. There’s only so much we can or should be willing to give up for free, and it’s 3 interviews.
I also question if more than that is really improving the quality of your hires. Far more often, multiple interviews are more a symptom of bureaucracy; multiple managers insisting that they get to stick their fingers in the pie, rather than actually learning anything more meaningful about the candidate.
- Comment on 👣👣👣 1 year ago:
Never do more than 3 interviews. And that’s assuming they’re relatively short, maybe 1 hour apiece. Any more than that, and they don’t want you bad enough.