cybersecurity


This subreddit is for technical professionals to discuss cybersecurity news, research, threats, etc.

51
The original post: /r/cybersecurity by /u/Rare_Protection on 2024-11-21 17:46:28.

As the title suggests, what data do CISOs use to justify their security budget outside of "we need to meet ___ compliance?"

Is it ALE? We're exposed to 2 Million dollars annually in cybersecurity risk so we need to spend just south of that to reduce risk?

Are there databases with this information, or risk quantification platforms used like Axio?

How does this work?

52
The original post: /r/cybersecurity by /u/Frosty-Champion7811 on 2024-11-21 17:24:12.

Just listened to a podcast about Cloud Identity Lifecycle Management, and it was super helpful! I didn’t realize how much goes into managing identities in the cloud. I’m still learning the basics, but this gave me a new perspective. Thought I’d share in case anyone else is curious about how this part of security works!

53
The original post: /r/cybersecurity by /u/arqf_ on 2024-11-21 17:01:21.
54
The original post: /r/cybersecurity by /u/cr0mangia on 2024-11-21 16:05:53.
55
The original post: /r/cybersecurity by /u/Ornatbadger64 on 2024-11-21 15:43:26.

My mother died 6 months ago and it’s totally changed my perspective on most things, including my career.

I chose internal IT audit bc it’s the only job in cybersecurity I could land and it’s stable with good wlb.

I am not sure if I want to continue in internal IT Audit bc it’s boring. I find myself wondering if this is all my life will be: work papers, findings, meetings, more work papers and policies.

I don’t know where the internal IT Audit career path goes. What doors does internal IT Audit open? Where can internal IT audit take you?

I am no stranger to hard work and am willing to grind if there are greener pastures... I just don't know what to do.

Background: 5 YoE as a Business Analyst and 2 YoE as Internal IT Audit (current role) at a large insurance provider. I have an MS in Cybersecurity and am sitting for the CISA soon.

56
The original post: /r/cybersecurity by /u/Artistic_Cod3111 on 2024-11-21 14:56:23.

Curious if anyone has tried it out or examined the project in detail

arXiv paper: https://arxiv.org/abs/2409.03789

Code: https://github.com/snow10100/pena

57
The original post: /r/cybersecurity by /u/arqf_ on 2024-11-21 14:37:16.
58
The original post: /r/cybersecurity by /u/JCTopping on 2024-11-21 14:19:10.
59
The original post: /r/cybersecurity by /u/NeuralNotwerk on 2024-11-21 14:17:43.

I've seen some hate posts lately related to constantly having to study/learn security outside of work. I believe this is framed incorrectly. I don't think we need to constantly learn security. I think we need to constantly learn the tech we plan to apply core security concepts to.

This field simply requires a drive to continue learning and enough self-directed learning skills to make digesting the influx of new tech easy. The core concepts of security stay exactly the same. The technology you apply them to changes by the minute. I think a lot of people conflate the passion for learning with the passion for security itself; admittedly I even make this same mistake regularly when mentoring, saying security instead of learning. Passion for both is absolutely great if that's your thing, but the passion for learning tech or whatever you want to apply security to should be enough.

There are also people with differing work experiences and differing intelligence levels. If your employer gives you time for continued learning and experimentation on the clock (which it absolutely should; if not, find another employer), you don't have to appear as passionate about learning new tech outside of your working hours. If your employer is short-sighted and doesn't provide adequate time/space/money for education, you are going to need to invest your own time outside of work in the pursuit of learning new tech and work towards finding a new employer. Even if your employer provides time for you to learn, but you are not someone that is capable of really handling self-directed learning, you are going to need to appear passionate about tech outside of your job.

Are there employers where you can sit on arse and do almost no personal development without having to worry about it after hours? Yes, there absolutely are. These are not typically highly paid. You are also stuck should you have a desire to move or if the company shuts down. If you are forced into finding a new job after some time employed at a place that doesn't change, your skills and knowledge on current tech would have become so irrelevant that you are now out of a job and job searching while having to try to make your resume and interview skills relevant again - you've effectively become a new hire or fresh grad again.

There's another caveat to this. A lot of recent education and certification programs that try to get people into the industry quickly teach "security" (compliance) instead of the foundations that security can be applied to nearly anything. Most people who think security, not tech in general, are a constant slog are probably not well prepared to do security. People often misidentify security as compliance, checklists, antivirus, top 10s, and patching. If you've memorized "security" and you require someone else to provide you a checklist or some compliance framework to get things done, it probably really does appear like security is a grind game where your job is to memorize the latest framework and checklist. I'm literally cringing thinking about this closed view of what security is - and it doesn't even work to improve legitimate and functional security.

You can effectively abstract all of security to the CIA triangle. The problem is most people that don't seem to understand this aren't technical enough to make that abstraction. They don't want to be technical. For them, the constant drudgery of learning the latest security topic (not tech in general) really probably is miserable and I'd agree with them.

So what we do in security as competent security engineers and security professionals is apply basic concepts to tech we keep up to date on. You can't secure it effectively if you don't know how it works.

What are the foundations that make you effective in security if they aren't security? OS admin, Net admin, and coding skills are what makes you competent to take on everything in security. Throw in some cloud and AI if you want to spice it up, but these are mostly abstractions on top of OS/Net/Code. If you've got OS admin, Net admin, and coding skills, there's almost nothing that is overly complicated and you can't figure out how to apply security to. The core concept of security can be had in the CIA Triangle.

60
The original post: /r/cybersecurity by /u/quality_fon on 2024-11-21 13:15:46.

Hi cybersecurity team, I am building an ISO 27001 documentation creator app powered by AI assistance. The user will answer questions and in the end it will give them full documentation for the standard based on their input. AI will help in terms of suggestions for input fields, so the user will have the option to get full documentation for the standard just by answering a few basic questions within 5 minutes if they want.

I know that there are many similar apps on the market, so can you tell me what the biggest drawbacks of these applications are? What would you like them to have? I'm asking this because I want to improve my product. Also, do you have any suggestions on how my product could stand out in a space with so much competition?

61
The original post: /r/cybersecurity by /u/msspburner on 2024-11-21 12:57:08.

Hi All,

I'm looking to test my homelab's automatic response to different attacks.

Can anyone recommend a ransomware simulation that'll work on Linux that doesn't require installing dependencies?

62
The original post: /r/cybersecurity by /u/Pirated_Freeware on 2024-11-21 11:51:56.

We recently deployed Qualys as our vulnerability scanner, and we are getting many results saying we are vulnerable to older .NET Core CVEs because Qualys finds the older .NET files on our devices. Before we go too far into how to remove these, I am trying to ascertain whether, on a fully patched Windows 11 system that also has newer versions of .NET Core installed, the old versions are still a vulnerability that can be exploited, or whether this is just noise from our scanner since the files still exist.

63
The original post: /r/cybersecurity by /u/boom_bloom on 2024-11-21 11:44:07.
64
The original post: /r/cybersecurity by /u/arqf_ on 2024-11-21 11:31:21.
65
The original post: /r/cybersecurity by /u/arqf_ on 2024-11-21 11:30:51.
66
The original post: /r/cybersecurity by /u/WISE_NIGG on 2024-11-21 11:11:13.

Hello there, I'm studying network security engineering, and I'm in my 3rd year. I spend a good amount of time every day learning and I participate in CTFs usually.

I wanted to go for the CompTIA PenTest+ cert after I came across a good package from a cyber security center, offering 30 hours of training on the PenTest+ and an exam attempt for the cert, for ~$380.

The cert is valid for 4 years, which sounds like it's too early for me to go for it now, because there wouldn't be as much time left if I took it during postgraduate study or after graduation, but they told me that companies don't pay attention to the validity of the cert as much as they value that you've achieved it at some time, and that his team all have expired certs and few people keep going for the exam every x years.

I need advice on whether I should take advantage of the offer, or whether it is early and I should wait some more time, especially since this semester has a comfortable university study schedule. Thanks y'all for listening.

And English isn't my main language, so sorry if I caused confusion.

67
The original post: /r/cybersecurity by /u/borgy95a on 2024-11-21 11:09:28.

Hello,

I've inherited an estate that uses CrowdStrike. A decision, before my time, was made to move from one MSP to another. As a consequence I have to uninstall the agent and reinstall the agent. This is because the CID key in the agent cannot be changed.

I've done my googling but it appears there is no way to uninstall the CrowdStrike agent from the CrowdStrike console? Is this really true? It seems a pretty blatant gap.

If this is the case I have other options, but I just want to check that the shortest path to done really isn't available.

Thanks

68
The original post: /r/cybersecurity by /u/DesperateForever6607 on 2024-11-21 10:26:10.

Hello everyone,

Our security team recently proposed an idea to improve account security by requiring separate accounts for different functions for the IT team, e.g., one account for daily work, another for email, another for remote VPN, and yet others for firewall or network tasks.

The rationale is to reduce the risk of lateral movement or broader domain access in case an account (like email) gets compromised.

Has anyone else implemented a similar approach?

Would love to hear your thoughts and experiences!

69
The original post: /r/cybersecurity by /u/HovercraftNo8533 on 2024-11-21 10:21:13.

Curious to know if anyone has experience with a GRC risk management tool for 62443 assessments? I am used to using various spreadsheets and risk assessment templates created by customers, but nothing that automates the workflow.

Anyone know if Eramba could be configured to make 62443 risk assessments centralised and simpler?

70
The original post: /r/cybersecurity by /u/anynamewillbegood on 2024-11-21 10:21:04.
71
The original post: /r/cybersecurity by /u/tekz on 2024-11-21 10:19:14.
72
The original post: /r/cybersecurity by /u/ValidPrestige on 2024-11-21 09:55:59.
73
The original post: /r/cybersecurity by /u/Badger00000 on 2024-11-21 08:35:29.

Hello All,

We've been using a vendor to do our pen testing, and recently we wanted to try other vendors as well just to have a new pair of eyes on our product. I've been searching and I see Bishop Fox as a name that keeps coming up.

Did anybody work with them specifically in pen testing a digital platform (fintech)? How was the process? Who did you work with? And would you recommend them?

Additionally if you have recommendations for other companies that you had a great experience with I'd be happy to receive recommendations.

Thanks everybody!

74
The original post: /r/cybersecurity by /u/ShehbajDhillon on 2024-11-21 06:54:36.

I’ve been tinkering with cloud security a lot lately, especially around things like misconfigurations and how to handle them. I’d love to hear thoughts from people who interact with cloud environments for their day to day tasks:

  • What are your biggest concerns with securing cloud environments (AWS, GCP, Azure, etc.)?
  • How do you find and fix misconfigurations in your cloud setup?
  • Are there any tools you rely on or pain points you’re dealing with?

I’ve been working on an open-source tool to tackle some of these problems, but I’d love to know what challenges others are facing and how you’re solving them.

75
The original post: /r/cybersecurity by /u/arqf_ on 2024-11-21 02:24:56.