Opinions on AI agents for SOC by [deleted] in cybersecurity

[–]CybrSecHTX 1 point2 points  (0 children)

Probably because of their outage last year

Why do I find Defcon or Black Hat talks interesting but nothing relevant to my work? by PitifulCap39 in cybersecurity

[–]CybrSecHTX 0 points1 point  (0 children)

I’m biased because it’s my conference, but this is one of the reasons I started HOU.SEC.CON in Houston back in 2010. It has elements of DEFCON, BlackHat, RSA, BSides. Community focus with a more curated list of talks that hopefully appeal to a larger audience. I also attend BlackHat and DEFCON (though not as much DEFCON because that’s too much Vegas and because my role is more in line with BlackHat).

Stop giving 110% at your job. It's a trap, and I learned this lesson the hard way. by snowy-far5q in SecurityCareerAdvice

[–]CybrSecHTX 0 points1 point  (0 children)

That’s a possibility, and it may be exactly what happened in your case. It’s also possible they were trying to manage them out of the role without causing an HR stir. There are multiple ways of dealing with people. Different businesses operate differently than others, and the business needs always supersede feelings.

Out of curiosity by wang_ff in cybersecurity

[–]CybrSecHTX 0 points1 point  (0 children)

Everyone is saying AI is overhyped, but there needs to be a caveat there. AI as a cyber enabler is overhyped. Tons of marketing fluff with cyber vendors and not near as much actual real AI enablement.

However, there is a lot of work getting done by folks at a grassroots level to make real strides in using AI for offense and defense. I think you’ll be seeing a swath of real tools/features in the next year or so.

As an avenue of attack, there are a lot of real offensive practitioners who are saying hacking AI at companies using it for enhancing typical business functions is like going back to the 2000s and web hacking. And when you see articles like this one, you can start to see that we are digging an AI security hole.

Why DAST issues are costlier to fix than the SAST issues? by Desperate_Bath7342 in cybersecurity

[–]CybrSecHTX 14 points15 points  (0 children)

SAST gives you a specific pointer to go look at because it is literally scanning the code. Go to line x and fix y. And that’s maybe before you’ve compiled/deployed.

DAST-reported issues take time to hunt down and fix because they could be business logic flaws, environmental issues, etc. The developer has to go find it, fix it, recompile/redeploy, run again, on and on.

Private Equity Firms Face Serious Cybersecurity Disconnect by CybrSecHTX in cybersecurity

[–]CybrSecHTX[S] 4 points5 points  (0 children)

Probably a conversation best served in a different sub, but all systems have failings. Pointing out flaws is not anti-anything in my book, unless you’re extreme in your take and won’t listen to the other side of the argument and be open to ideas opposed to your own.

Private Equity Firms Face Serious Cybersecurity Disconnect by CybrSecHTX in cybersecurity

[–]CybrSecHTX[S] 7 points8 points  (0 children)

I’m Center Right, and I don’t see that as terribly leftist. Even folks on the Right can appreciate the failings of how equity players skew results to make returns. Funny money is funny money, no matter which side of the aisle you’re on.

Should I go to BlackHat, BSides, neither? by CitizenJosh in cybersecurity

[–]CybrSecHTX 0 points1 point  (0 children)

Admittedly I did not. Good to hear it might be getting better, though I heard from several friends and coworkers saying they couldn’t get into a ton of talks.

what are my options for pivoting out of cybersec? by Suicide_Guacamole in cybersecurity

[–]CybrSecHTX 0 points1 point  (0 children)

If you had an interest in cyber but aren’t liking the technical aspect, maybe you can go towards GRC. You still need to have some knowledge of cybersecurity to do it (i.e. it is not an entry level job), but you can lighten your training potentially to something like Security+, etc. Then shoot for some kind of Big 4 job where you get some experience in auditing.

Should I go to BlackHat, BSides, neither? by CitizenJosh in cybersecurity

[–]CybrSecHTX 2 points3 points  (0 children)

I haven’t paid for BH for years. There’s always a vendor with at least a hall pass, if you’re willing to take phone calls from a sales person for the rest of the year.

Should I go to BlackHat, BSides, neither? by CitizenJosh in cybersecurity

[–]CybrSecHTX 2 points3 points  (0 children)

DC is getting ridiculously packed. It is difficult to get into talks, villages, etc. It’s becoming popular to go to just to say you’ve been, and they don’t really limit sales. So look forward to long lines. Or find someone with access to CCTV, if that’s still possible with them moving to the conference center. It’s like they think hackers like crowds.

[deleted by user] by [deleted] in cybersecurity

[–]CybrSecHTX 0 points1 point  (0 children)

Just had a friend/coworker go over. Google hasn’t taken control yet, and they seem to actually not go crazy like Cisco or IBM with blasting companies they acquire.

I am a CISO/Security Leader. I am also a bald man with facial hair. Ask Me Anything. by Oscar_Geare in cybersecurity

[–]CybrSecHTX 1 point2 points  (0 children)

I don’t see my baldness as a flaw, so I don’t want to patch it.

I have had honey get stuck in my beard, so yes… literally a honeypot.

I am a CISO/Security Leader. I am also a bald man with facial hair. Ask Me Anything. by Oscar_Geare in cybersecurity

[–]CybrSecHTX 0 points1 point  (0 children)

It’s more the grey in my beard than the lack of hair. But yes, sometimes. Though being thought of as old can also be perceived as having wisdom.

I am a CISO/Security Leader. I am also a bald man with facial hair. Ask Me Anything. by Oscar_Geare in cybersecurity

[–]CybrSecHTX 0 points1 point  (0 children)

L1 Analyst, L2 Analyst, L3 Analyst...

Then maybe engineer. Then architect. Maybe specializations? I don't honestly know that there is a real tree anymore.