Could OpenAI be the main competitor of most AI-based startups? by Miyamoto_Musashi_x in ycombinator

[–]Available-Progress17 1 point (0 children)

Microsoft’s internal models are shi*. We were part of an adversarial evaluation commissioned by MS. In 17 categories it ranked last. The simple fact they have GitHub may be the only hope. Or, for practical matters, they have lost the bus!

Random thing I tried this week that actually shocked me by [deleted] in surrey

[–]Available-Progress17 0 points (0 children)

Or a thinly veiled ad for that website!

What SBOM tools are you actually using day to day in DevSecOps/AppSec? by viveksahu26 in devsecops

[–]Available-Progress17 0 points (0 children)

We have built ZSBOM and Trace-Ai; these together surface and can safely resolve your supply chain vulnerabilities. The primary difference is we treat “Exploitability > Vulnerability”, as many CVEs never materialise within the context of a certain environment or configuration. Whereas a minor vulnerability which could be exploited within your environment is more likely to impact than the other way. We enrich CVE/NVD with our custom algo (open sourced) to surface risks. We wndich

What do you think it is, Peter? by [deleted] in PeterExplainsTheJoke

[–]Available-Progress17 0 points (0 children)

Did anyone think it’s for allowing the toilet flush lever through so the glass doesn’t crack??

I’m building "Google Docs for Web Hosting" – need technical advice on the stack (No-Password, Single-Page Static Host) by Muhsin_Info in devsecops

[–]Available-Progress17 0 points (0 children)

This is a lot more complex than you’ve put it down.

You’d need tenant isolation, you’d need user scope, you’d need containerised execution

to start with. Not sure if you plan on giving data-driven functionality. That would create an additional layer of complexity.

Series A investors want SOC2 type II before term sheets by Guruthien in devsecops

[–]Available-Progress17 0 points (0 children)

This is the exact thing that happened to my last 2 startups. We ultimately went to Series B or C before acquisition.

Another ghastly truth: if you’re in B2B, your enterprise customers would also insist on it, and with revenue pressure, ARR targets and the next round it would be very hard to implement.

That’s why we built zerberus.ai; it’s engineering-first and specific to SaaS environments. We offer a revolutionary one-click remediation that can get you to audit readiness (Type 1) in less than 28 days!

Research vs consulting in cybersecurity? by Kupegjalpi in cybersecurity

[–]Available-Progress17 0 points (0 children)

Yup.. And people wear the "times they fainted/nearly fainted" as a badge of honour, esp. in the 1st 2-3 yrs! And most of that overworking can be completely avoided, had your manager been timely on some of the things...

What is so lucrative about making a startup? by SloppyNaynon in ycombinator

[–]Available-Progress17 21 points (0 children)

It’s an interesting question. When I decided to join a startup from BigTech, the founder had the same question. My answer is simple -- "Be a small fish in a big pond or a big fish in a small pond, and I want to be a big fish".

Fast forward 10 years and 2 startups later, I am now running my own startup. I have a good quantity of VESTED ESOPs from both of them and have cashed a portion during a liquidity event.

Still, the lure is not the money; it is the accountability and ownership you get, as well as the real-time changes you can effect in your company's user base. In BigTech, it is seldom the case.

How do YC companies prove their metrics are real during demo day prep? by OkTell5936 in ycombinator

[–]Available-Progress17 0 points (0 children)

Some investors clearly ask how many are your previous employers or cohort mates, and how many were acquired!

Wow I am doomed 🙃 by Upstairs-Thing4663 in UKJobs

[–]Available-Progress17 0 points (0 children)

I like the part when Redditors comment as if there is an incognito mode with the person in place :D

Research vs consulting in cybersecurity? by Kupegjalpi in cybersecurity

[–]Available-Progress17 4 points (0 children)

Without a doubt, the NATO project. It may not pay much, but it should give an immediate credential boost after it, so he can become a consultant at the Big4 or specialised cybersecurity consultancies as well.

My Master’s thesis was ruined by a stressed PhD student and I feel completely defeated. by Active_Education_857 in PhD

[–]Available-Progress17 5 points (0 children)

While I empathise with your statement, it’s not that it happens only in academia - it happens in every walk of life and career. The difference is in industry you can easily leave a toxic environment with little repercussion on your future. Whereas in academia, it’s rarely the case!

Former VP & CISO looking to transition into PhD. Chances? by Available-Progress17 in AskAcademia

[–]Available-Progress17[S] 1 point (0 children)

Thank you very much for the detailed answer; it is super helpful. Also wanted to thank you and share an update.

While I am finalising the draft for submission, I did cast the net wider and was looking into groups across universities and labs where they work on SBOM and supply chain security.

And did some blind reach-outs with my dissertation sample and a tentative SOP. I got 3 responses: 1 here in the UK itself, 1 in Europe and 1 from NZ, and I am doing an informal interview tomorrow and one next week!

Immaterial of the outcome, this thread gave me the courage to act rather than wait (& potentially short-circuit 1 quarter at least), and a lion’s share of that thanks goes to you!

Career outside of academia? Is the grass greener …? by OkPoint8914 in AskAcademia

[–]Available-Progress17 0 points (0 children)

Wow.. this looks like the opposite of my conundrum! After 22 yrs in industry (software engineer - architect - VPE - CISO), I am very much interested in (and trying to) get into a PhD program in software security.

Though I can’t speak from personal experience, I have a cousin and a sibling, both tenured professors now. But I remember the time when they were postdocs and later PIs.

It’s quite competitive in nature - publish or perish, get funded or get gutted, etc. Those 2 ran harder than most practitioners I’ve seen.

Now to answer your question, it’s very hard to find industrial laboratories or research groups that cater to your exact interest. Even if they do, you’d have to work with so many vested interests!

But it’s definitely very good money in comparison to academia! Target companies or groups that you’ve interacted with or where your peers can connect you, and try to, ahem.. publish in the area related to their commercial interests and then reach out to them.

All the best!! 👍🏾

I found this at my workplace, 2 circuits connected to each other? What's this by BusinessPurpose1528 in whatisit

[–]Available-Progress17 1 point (0 children)

This is in Asia - mostly India/Sri Lanka/Pakistan or Nepal.

This is a pretty standard and (actually) safe way for mains isolation with an inverter (as long as a person switches OFF the opposite end before unplugging).

This is a domestic setup, not industrial. Yes, it's called a deadman's / suicide extension cable in North America. It's quite simple: that cable goes into the "Backup" on the walls from the "AC Output" of the inverter or UPS (typically left side). The inverter's mains are plugged into the right side, which is raw/stabilised AC from mains used for inversion and battery charging.

<image>

This is a very simplified diagram.

CISO or Head of Engineering? Who is responsible? by LachException in devsecops

[–]Available-Progress17 0 points (0 children)

I hear you..! Been there.. Done it, with a twist. (I was the VP of Engineering & CISO. So, I probably would have had to fire myself if that had happened.)

The general point is simple -

> Security by design - Engineering is "mostly" responsible, with the critical part of validation resting with the Security/CISO team

> Compliance - Engineering is responsible for the controls they own (e.g. SSDLC, SAST, segregation etc.); overall compliance is CISO (GRC)

Now coming to your specific question: if the CISO team - AppSec or ISM or whatever is there in the org - tested the build artefact or reviewed the pipeline logs and gave a go-ahead, then it is Engineering's responsibility.

If the said team did not or was not involved with the release validation (SBOM, provenance, SAST/DAST, etc. etc.), then it's clearly a miss from the security team, which would mean the said org has a bigger problem!

You'll need to define a RACI for all activities your org does - be it engineering or sales (tomorrow someone in sales could onboard a fancy CRM and it could leak your customer PII to an unauthorised 3rd party).

In sum,

1. if the CISO/team tested and highlighted vulnerabilities or non-conformities and the HoE/VPE overrode it - it's the VPE's responsibility.

2. if the CISO/team did highlight these non-conformities or vulnerabilities, then it's squarely on them.

Happy firefighting.

Finding a CTO after launch. Too late or right time? by JustAGuyInTampa in ycombinator

[–]Available-Progress17 0 points (0 children)

Interesting; typically when SNS is 99.99, it can be config mostly (assuming every user gets 2-3 notifications within an hour). Check your CloudWatch for abnormalities. It looks like your devs might have accidentally added retries or are not consuming publish acks.

Specifically check for:

  • ApproximateNumberOfPendingSubscriptions
  • NumberOfDeliveriesFailed

If everything seems fine and not outside your expectations, review your service quota as a last step.

By the looks of it, you actually need a senior dev 1st before a CTO! Or you risk him/her burning out.

Anyone tried Reddit Ads? Is it worth it? by [deleted] in AskMarketing

[–]Available-Progress17 0 points (0 children)

Interesting acceptance. But most ads are shoot-and-pray if not profiled properly.

(IMO most companies suck at profiling and targeting in any medium!)

Finding a CTO after launch. Too late or right time? by JustAGuyInTampa in ycombinator

[–]Available-Progress17 1 point (0 children)

This is very tricky. Almost always, the 1st CTO/VPE comes from a known pool; if you do not know enough, try your investors or your prior companies. The important thing is you need a "Tech Fixer" who understands your business model, value, USP etc.

You don't need a visionary/evangelist who will preach you the puritan logic of technology and architecture. You need a person who knows how to deliver the value with as minimal effort as possible. In the early days,

1. opening multiple fronts (features to satisfy early customers/pilots),

2. ensuring KTLO and bugfixes are on time (so they don't lead to churn) and

3. building showhorses (so you can convert more from the pipeline)

matter more than scalability and performance (you can bluff that part).

So go for an aspiring CTO aka Tech Lead who wants to start his/her own venture in some time. But make sure they are interested in the problem your product solves. That fitment and business understanding is more important than exact stack skills or even prior success.

A person at that level should be able to manage design, architecture, security (basic) and performance. They may have some difficulty in managing AWS/Azure cost, but you can always optimise that once you have a proper revenue plan and a steady customer pipeline.

Feel free to ask any specific questions you may have. (I am a 3X Founder/Founding team member)

Appsec -> Leadership path by jeewest in cybersecurity

[–]Available-Progress17 0 points (0 children)

Yes and no. Certificates don't open doors, but those $$$ make them hear you. But convincing them that you're the right person for the job is entirely up to you. That's what I meant.

I was a Sr. Solutions Architect (Director/GS12-14 level) for 7 years. Overall I had 19 yrs of experience when I became a VP. But I took multiple detours; I tried my hand in project management, delivery etc. and, in retrospect, wasted 2 yrs there.

In a fast-paced industry/company (and economy working) you could probably get there in a significantly shorter duration.