cybersecurity

The original post: /r/cybersecurity by /u/LibrarianLiving7571 on 2024-10-09 04:38:25.

How can I get into LLM and genAI security domain? Is there any solid courses which teach this? Like pen tester path in HTB CPTS? I have gone through the OWASP for LLM.

The original post: /r/cybersecurity by /u/Humble-Breakfast2392 on 2024-10-09 03:38:36.

Hello, I am working for a fintech and I am looking for a way to automate the onboarding of internal users to make it fast, agile and secure. Do you know of any applications or software and I would also like to know what initiatives you have or know of for the blue/purple team?

The original post: /r/cybersecurity by /u/BeautifulBug6801 on 2024-10-09 02:25:04.

The original post: /r/cybersecurity by /u/Nearby_Maybe_2110 on 2024-10-09 01:38:41.

Hey everyone,

With AI agents popping up more in companies—especially across different teams and departments—I’ve been thinking about how we handle their security. These agents, built on large language models and hooked into various tools, have access to tons of data and can automate tasks like never before. But that also means they interact with way more systems than a regular employee might.

So, how do we keep them secure at every point?

Having worked in network and cyber security, I feel like we need to adapt our usual security measures for these AI agents. Things like authenticating and authorizing the agents themselves, logging what they do, maybe even using multi-factor authentication when they access different datasets. If their actions vary a lot, context-driven security could help too.

The goal is to use our existing security setups but apply them in new ways to these agents as they become more common and start interacting outside the company too.

What do you all think? How should we be securing AI agents in our workplaces?

The original post: /r/cybersecurity by /u/eawtcu15 on 2024-10-09 00:18:20.

So I recently accepted a position as a SOC analyst type role and wanted to see if there are any resources to prepare me. Some background on myself: been working in cyber compliance/risk management for the past 3 years as a federal contractor and just passed the CySA+ certification (in addition to Sec+). Most of my background is in governance, specifically policy development and compliance coordination. I don't have a ton of tech experience outside of basic log reviews, asset management, and CLI exposure through exams. Role is fairly vague in terms of what the actual day-to-day operations will be so want to make sure I can at least cover some bases so I'm not too lost.

The original post: /r/cybersecurity by /u/Level_Emotion_4415 on 2024-10-09 00:03:12.

The original post: /r/cybersecurity by /u/DrobnaHalota on 2024-10-08 22:34:20.

The original post: /r/cybersecurity by /u/anynamewillbegood on 2024-10-08 21:28:28.

The original post: /r/cybersecurity by /u/anynamewillbegood on 2024-10-08 21:03:19.

The original post: /r/cybersecurity by /u/anynamewillbegood on 2024-10-08 21:01:43.

The original post: /r/cybersecurity by /u/Own-Holiday-5741 on 2024-10-08 19:24:14.

Title says it. I’m a appsec engg and one of the biggest pains is tracking everything (such as network diagrams, threat models, scanned vuln results, etc) through a tedious ticketing system (we use Jira) and making sure we also capture info/details the right way so it’s complaint as per audits.

Is there anything else to use aside from Jira? Or any new ideas of tooling to make the tracking easier?

The original post: /r/cybersecurity by /u/honestyandhoes on 2024-10-08 19:17:53.

I'm worried because the same day I told him, my supervisor helped me finish some work he assigned me and I feel like it was because he thought I was being slow on the assignment. And I'm just stressed right now.

The hiring manager ended up saying I didn't have enough years of experience anyway but I didn't want this coming back to me if the hiring manager talked to my current one about it.

The original post: /r/cybersecurity by /u/Anoxium on 2024-10-08 18:50:13.

Hello everyone,

i was tasked at work to create a powerpoint type of thing to educate people at work about cyber security. This would include people from accounting, janitors, hr, administrative people, professors, assitents ... People with all degrees of education and knowledge. The task fell to me because i am currently going through the Google cybersecurity professional certification in my free time, and that made me the most qualified to do this. Sad, i know.

So since I need to cover basic stuff for people who barely know how to find the space key on the keyboard and for professors that teach software development, i was wondering about topics and how in depth is ok to go. It needs to be general purpose so ALL employees understand it, but also good enough to be of at least some help to everyone.

Ideas are very welcome and appreciated! What to cover, what not (due to complexity or whatever other reason). The point would be to teach people about phishing, trojans, viruses, malware, don't click on links in emails from shady sources, clean your browser cookies, don't use the same password for everything, those sort of things...

The original post: /r/cybersecurity by /u/twrolsto on 2024-10-08 18:35:12.

So,

I have a request from a project to point them at a secure, online, PDF editor that can merge/split files as well as convert pictures into PDFs

Of course they want it free (yeah, I know) oh, and, on occasion, there may be PII involved (because of course there is).

On the plus side, if there're no good free options, they'll consider paid ones so if you have any recommendations for online, secure, paid options I'll take those too.

I figure it's an exercise in futility but, just in case someone has already done the impossible....

The original post: /r/cybersecurity by /u/NISMO1968 on 2024-10-08 10:46:27.

The original post: /r/cybersecurity by /u/GSaggin on 2024-10-08 09:56:38.

The original post: /r/cybersecurity by /u/Right-Influence617 on 2024-10-08 08:36:31.

At The Cipher Brief's Threat Conference, Gen. Timothy Haugh called for ‘whole-of-nation response’ to China challenge.

The original post: /r/cybersecurity by /u/TheAfricanMason on 2024-10-08 16:49:15.

So, I've recently been contacted by a recruiter for an upcoming government contractor specializing in weapon manufacturing for an IT Security Manager position. I come from a background with sysadmin experience of 6-7ish years and multiple certs including one for PenTest+. I nailed the first round and am proceeding to the second. I received the company and CEO's names via the 2nd round interview invite. So, I immediately started digging.

I found his, wife's, and parents' socials wide open with all of their info, likes, and interests. I figured I could make the interview a bit interesting when they ask "How much do you know about the company?" I could spout off all the company info and then also start spouting super personalized details about the CEO such as favorite drink, kid's grade level, music interest, psych topic interests, and hobbies for shock value. On one hand, this could be impressive since you'd want to know where to seal this issue up and it shows I can find a bit more than just corporate vulnerabilities,but also information for spear fishing or "whaling".

On the other hand, this could also be perceived as immensely creepy and he'd not want to move forward. So, then I'm in a moral dilemma because I know this information and I could very well use it to "mirror" the executive so, he has a natural positive bias towards me. This would definitely be unethical, but that's the reality of the modern age. Most positions are selected off personality and not so much merit in the corp world.

Anyways knowing all this what is your opinion? Should I use this info for one of these methods? Should I disregard them completely? What are your opinions on using OSINT information to move up in your career?

The original post: /r/cybersecurity by /u/IamMyQuantumState on 2024-10-08 16:23:14.

I'm a mid career cybersecurity engineer with CISSP and other 2nd tier certifications. My day job is basically 100% on site and there's no opportunity for extra hours. My sisters work in nursing and can get extra hours as much as they like.

I'm trying to save money for an overseas trip so I was looking for an after hours job. It seems that there are ZERO obvious positions for evening part-time remote work / 1099 on-call jobs.

Am I looking in the wrong place? No virtual SOCs have openings for after-hours relief work.

I like the idea of tending bar, but I'd rather stay in my field.

Any advice / suggestions are appreciated.

The original post: /r/cybersecurity by /u/PastTechnician7 on 2024-10-08 15:48:02.

Hey,

Was wondering the background of people in cybersec. I know that people with accounting background tend go into systems auditing. Does anyone know of finance people moving in. I have sec+ & CCSK which I took during undergrad. Any insights?

The original post: /r/cybersecurity by /u/GroundbreakingWay178 on 2024-10-08 15:38:54.

I’m two years into my cybersecurity career and about to attend my first cybersecurity networking event. I currently work as a SOC analyst for a private company and would love advice on how to navigate the event successfully. What are some dos and don’ts to keep in mind? Also, what key topics or questions should I focus on to make meaningful connections and expand my professional network in the cybersecurity field?

The original post: /r/cybersecurity by /u/FloraTechie on 2024-10-08 15:34:42.

The original post: /r/cybersecurity by /u/Forsaken-Evidence590 on 2024-10-08 15:28:01.

Hey everyone!

Our startup has a small team of 5, and we're looking for recommendations for an ideal security setup to ensure data protection and control over device applications. Here are the key requirements:

1. DLP (Data Loss Prevention): We need a solution that allows us to monitor and prevent unauthorized data access or leaks.
2. Application Control: We want to have control over which applications users can install on their devices, and be able to track what's currently installed.

If you have experience with any security suites or specific setups that work well for a small team like ours, we'd love to hear your thoughts and recommendations! Ideally, we're looking for something that's easy to manage but provides strong protection and control.

Thanks in advance!

The original post: /r/cybersecurity by /u/Wellinst on 2024-10-08 15:18:45.

Hi, does somebody know where I can find any resources to learn cybersecurity best practices when developing web apps without going too in depth into network cybersecurity?

I want to learn what to do and what not to, if possible, with code examples.

The original post: /r/cybersecurity by /u/Lord_of_Lothric on 2024-10-08 14:58:16.

Hi folks. Looking to see if anyone has switched from a more traditional MDR package to Falcon Complete, and to see what kind of experience that was. I already have Falcon EDR, so the sensor is already deployed an all my endpoints.

For those who have made this swap, have you noticed an increase or reduction in noise, or has the service and tuning process been relatively the same? Has the managed response portion met your expectations?

In my case, I'm anticipating a savings of 25-30% of my current spend on MDR and CrowdStrike. It seems like a no brainer to me, but I wanted to see if anyone had issues with their Falcon Complete experience.

Thanks!