_zi

@_zi@infosec.pub

This is a remote user, information on this page may be incomplete. View at Source ↗

⁨Comment⁩ on ⁨Mentorship Monday - Discussions for career and learning!⁩ ⁨⁨1⁩ ⁨year⁩ ago⁩:

the school I’m transferring to has a cybersecurity degree designed to pick up where my AS leaves off.

(Disclaimer, I’m speaking from US and Canada based experience)

Be careful with CyberSecurity programs; it sounds great but there is no standard regarding what a cybersecurity degree even should be. Which means every place offering one can do whatever they want. Some programs are fine, some are lacking, regardless you have to make sure its actually preparing you for whatever part of security you’re actually interested in. It also means that on the hiring side, people won’t know exactly what its value is without looking into your specific program (which they probably won’t do). Which puts it at a lesser value than a more predictable degree. Still often acceptable at least but worth calling out.

If you’re new I’d also strongly encourage you to learn about different facets of cyber security; it is an absolutely massive field and different areas have different expectations. A lot of people have a misunderstandings about security jobs look like.
⁨Comment⁩ on ⁨[Request]Computer security related audiobooks⁩ ⁨⁨1⁩ ⁨year⁩ ago⁩:
- The Cuckoo’s Egg - Really interesting book about running a honeypot and trying to tracking down a hacker who was stealing resources from Lawrence Berkeley Lab machines. Its based on actual events has some fun insights into the tech of the time and it had a fairly gripping plot despite the age.
- Cult of the Dead Cow - First while of this book was just history and stories about the cDc from its members. The later parts of the book tie into Beto O’Rourke (who was part of the cDc) political campaign and the tone kinda shifts a bit. Wasn’t like it ruined the book or something, but it was a distinct shift in tone different from the parts that hooked me into it.
- The Hacker and the State - This was a look at effectively cyberwar through the years and how/why it hasn’t really turned out how people predicted being less destructive but more pervasive. Kinda gave a good, as far as I can tell fact-based perspective on the geopolitics of cyberattacks and how its developed.
- Dark Territory: The Secret History of Cyber War - Similar concept to The Hacker and the State but more narrow focus. Just looking at the development of cyber-capabilities and use in the US.
- No Place to Hide - Okay, maybe not exactly cyber security related. Its more the behind the scenes of the Snowden leaks. Obviously the leaks do touch on cyber security and they talk about their opsec in communicating before actually meeting. That behind the scenes aspect was most interesting to me, but it did go into what was leaked and such also. I’ll also shout out Permanent Record which just ties in nicely with No Place to Hide. Its Snowden’s memoir.
- Little Brother - So this one isn’t on audible as the author Cory Doctorow is outspoken against the DRM systems. Its a fictional book following a high-school student who becomes a reluctant hacker for civil liberties and privacy. The cool thing about the book is that it accurately represents technology, and explains things like how TOR works, about public key crypto, VPNs, etc; and it does so accurately, albeit sometimes superficially. I’ve done a poor job summarizing but Mudge at DefCon 21 mentioned the book is used as training material at the NSA to give recruits a different point of view. Bruce Schneier and Andrew “bunnie” Huang both have essays included as afterwords in the book which you wouldn’t usually find in a fictional hacking book. It definitely captures some of the counter-cultural ideals that existed in the hacking community in the mid-00s and earlier. Even though its not on audible I’d still recommend it.
⁨Comment⁩ on ⁨Mentorship Monday - Discussions for career and learning!⁩ ⁨⁨1⁩ ⁨year⁩ ago⁩:
That is generally what I’d recommend, and have liked seeing in a resume.

My thinking is that seeing projects tends to showcase not just a particular skill like with a language you used, but shows an understanding of the problems facing some area that your project is trying to solve. I’ve never really been a fan of skills listings just because they offer basically no context. Whereas projects give me something to bounce off of in an interview, and hopefully get the candidate talking.

I will say though that I wasn’t the person reviewing resumes deciding who got an interview, I’ve just been an interviewer after someone made it through the screening.