Other than DEFCON, Blackhat, and RSA, what are some good conferences to attend in the US this year? I want to plan ahead in case my employer finally releases some travel budget after stopping travel since the pandemic. I already attend my local Bsides and OWASP conferences so I’m looking for some interesting events that I can travel to. Otherwise, I’ll probably just go to DEFCON again. RSA has already passed.
Ah, yeah I feel you. That’s indeed an uphill climb especially if the higher ups themselves do not support you. I think a cybersecurity event is a good way to do it. If you end up getting smaller funding, you can also do short brownbag meetings with free snacks and/or giveaways. Free stuff is always an incentive for people to attend. Keeping events short (30 minutes or less) also helps. Then make your presentations interactive, instead of just lecturing do’s and dont’s to employees. Do scenario based discussions and let employees come up with ideas/solutions. That reinforces the knowledge if they feel like they came up with the answers and you validate them.
Does your org have a security awareness program? It would easier if you can mandate some training or at least some brownbag meetings where you can present some basic security pointers.
I actually know someone like this. He’s been in software engineering since the early 2000. I recently saw a post from him that he’s now a firefighter recruit.
Nothing as well, but not because it’s a holiday where I am, but because everyone else is on a public holiday. lol
It’s actually surprising how a lot of people in tech aren’t really aware of the security and privacy side of things, especially in their personal lives. They may be more secure at work because the infosec team has oversight, but outside of that I know a lot of very technical people who don’t apply basic security/privacy measures outside of work.
ISO27001 for policy development. CIS benchmarks for configuration. CIS controls for assessments. NIST for guidelines.
Someone correct me if I’m wrong, but don’t new major version upgrades of eOS require full re-installations?
Agree with all your points. If I had a penny for every time lift-and-shift is mentioned when migrating to cloud from on-prem…
There was one time I was traveling and had to reset one of my passwords. It sent a verification code via email but my email provider wouldn’t let me login because I was in a different country I’ve never been to before. So it was a train of recovery processes to reser my password on a single account.
I’m not an active member because I work mostly on the infra side, but I like attending events hosted by my local OWASP chapter. If you don’t put too much personal info on your resume, the info there is most likely on your linkedin anyway. But yeah, still a sucky situation. This server was likely put up when OWASP still wasn’t as organized as it is today.
For those who are more into the Governance part of Security, how is the pay compared to traditional roles (pentest, SOC, engineering, etc.)? Is it more or less in the same range? Also, if your organization has separate groups for Security and Compliance, do you (or your org) consider your team more Compliance than Security?
SMS 2FA needs to die. It’s infuriating that a lot of banks still rely on sms.
ISO 27002 audit season baby!
Tilda, because I can bring it down my screen with one key any time.
Really depends on the implementation. Deploying an immature level of zero trust is definitely more headache than benefit for end users. It boils down to the design and implementation. Haphazardly isolating networks without proper access authentication/authorization processes/technologies will definitely be hell.
To be fair, we sometimes have to look through multiple related documentation and tickets to make sure the change was actually reviewed and approved by the necessary teams (network, security, etc.). We also have an SLA for PR reviews/approvals and some people have a habit of sending it out for approval at the last minute of the change window.
Has anyone here ever worked a tutoring job from Varsity Tutors? I keep seeing them on linkedin with tutor jobs focusing on security. I was thinking it might be a good side hustle tutoring for just a couple of hours a week for some extra income.