shellsharks
@shellsharks@infosec.pub
Infosec researcher | writes @ shellsharks.com
Mastodon: @shellsharks@infosec.exchange
- Submitted 4 hours ago to cybersecurity@infosec.pub | 0 comments
- Comment on Mentorship Monday - Discussions for career and learning! 1 day ago:
@stevedidwhat_infosec@infosec.pub dropped some great resources. I also typically direct people to this resource I wrote a few years back in terms of “getting into infosec” shellsharks.com/getting-into-information-security.
- Submitted 2 days ago to cybersecurity@infosec.pub | 7 comments
- Comment on Off-Topic Friday (experimental) 5 days ago:
Meow 😸
- Submitted 5 days ago to cybersecurity@infosec.pub | 7 comments
- Comment on Request: Guidance from Staff+ Security Engineers 5 days ago:
Great advice. Thanks!
- Comment on What are You Working on Wednesday 5 days ago:
Had not heard of this. Got some reading to do 👍
- Submitted 6 days ago to cybersecurity@infosec.pub | 4 comments
- Submitted 1 week ago to cybersecurity@infosec.pub | 7 comments
- Submitted 1 week ago to cybersecurity@infosec.pub | 4 comments
- Comment on What are You Working on Wednesday 2 weeks ago:
Good luck getting those new resources/headcount!
- Submitted 2 weeks ago to cybersecurity@infosec.pub | 4 comments
- Submitted 2 weeks ago to cybersecurity@infosec.pub | 0 comments
- Submitted 3 weeks ago to cybersecurity@infosec.pub | 18 comments
- Submitted 3 weeks ago to cybersecurity@infosec.pub | 0 comments
- Submitted 4 weeks ago to cybersecurity@infosec.pub | 3 comments
- Submitted 4 weeks ago to cybersecurity@infosec.pub | 0 comments
- Comment on Mentorship Monday - Discussions for career and learning! 4 weeks ago:
CIS Critical Security Controls and/or NIST CSF as frameworks to help put you in the right mindset. But so much of what you should do first depends on some variables imo.
- What is your budget?
- What already exists security-wise at your company?
- What level of executive support do you have? Can you enact real change?
- What is most important to the company? i.e. "Crown Jewels"
- What does the network/infrastructure/endpoint environment look like?
Once you answer these questions then you can get a better idea of where to spend the limited time/money you have. The CSC will likely tell you to tap into an inventory and do some form of Vulnerability Management. This is a decent idea as you need to know what you are trying to protect and also catch low-hanging fruit via vuln scanning. Instrumenting endpoints (EDR) or gaining visibility into your infra is also important but which do you pick first? CrowdStrike is awesome but expensive. No one solution is a silver bullet.
Have a plan, create a reasonable roadmap, figure out your company's risk threshold, ask for more resources depending on what level of risk they’re willing to accept and how quickly they want things implemented.
- Submitted 5 weeks ago to cybersecurity@infosec.pub | 7 comments
- Submitted 5 weeks ago to cybersecurity@infosec.pub | 3 comments
- Submitted 1 month ago to cybersecurity@infosec.pub | 2 comments
- Submitted 1 month ago to cybersecurity@infosec.pub | 0 comments
- Comment on What are You Working on Wednesday 1 month ago:
Oh cool. I’ve been thinking of getting one too. But I already have too many projects and too much work and not enough time 😩 (not that that’s ever stopped me from buying stuff before…). Where do you write?
- Comment on What are You Working on Wednesday 1 month ago:
Another part of my Lemmy <–> Mastodon experimentation. The Fediverse is cool but it is also a little confusing 😅
- Submitted 1 month ago to cybersecurity@infosec.pub | 12 comments
- Submitted 1 month ago to cybersecurity@infosec.pub | 1 comment
- Comment on What are You Working on Wednesday 1 month ago:
What field is it?
- Submitted 1 month ago to cybersecurity@infosec.pub | 7 comments
- Submitted 1 month ago to cybersecurity@infosec.pub | 0 comments
- Comment on What are You Working on Wednesday 1 month ago:
What are you normally up to?