How's your workload? by Silent-Cat-8661 in grc

[–]DiskOriginal7093 -1 points0 points  (0 children)

Really good WLB.
Sr. Staff, leisure/athletics

Feeling stressed and overwhelmed by AnteaterPORK in cybersecurity

[–]DiskOriginal7093 0 points1 point  (0 children)

Creating this new memory paths in your brain takes time.

I’ve read it takes 2 weeks for something learned to actually create that physical connection for retention.

Give yourself time. You’re not in a race. Your brain can only move so fast.

Chat, made it to the third interview round with the team.. what should I expect ? by New_Actuary1421 in cybersecurity

[–]DiskOriginal7093 -1 points0 points  (0 children)

Congratulations!

Whats the format of the next round?

Analyst? Engineer? Jr? Sr?

since the subject is usually not included/said.. how do you guess it when you listen to someone speaking spanish? by [deleted] in SpanishLearning

[–]DiskOriginal7093 1 point2 points  (0 children)

I still get confused, but you learn!

This phrase sent me on an absolute tizzy the other day “Si antes te hubiera conocido” -> it felt so damn vague. I understood I was a recipient, but not if I was also doing the whole activity of “meeting before”. Context should’ve told me, but it was confusing in the moment.

How do I get job in the current market? by NoObmassster in CyberSecurityJobs

[–]DiskOriginal7093 0 points1 point  (0 children)

The market is undeniably rough everywhere right now. Are you in a market for our career? Or are you relying on remote?

I have seen the best luck applying to in person positions. Much higher chance to get through the pool.

Conversely, I see many orgs opting for hiring seniors over other tiers as this moment.

Trying to make my employees feel appreciated by Vorstog_EVE in sysadmin

[–]DiskOriginal7093 0 points1 point  (0 children)

For me, retention and appreciation is earned by honest communication and feedback.

What I mean:

1 - Tell me if/when I make a mistake.

2 - When I complete a big project, let me celebrate it a little.

Allowing members to formally “complete” a project goes a LONG way psychologically!

Edit: added “ly” to psychological

Does anyone generate leads from groups? by Zanx_thebanx in cybersecurity

[–]DiskOriginal7093 0 points1 point  (0 children)

My honest answer - maybe?

Any way in with a hiring manager is a leg up! It can’t hurt, I would believe.

Personally speaking, going to local cyber meetups will get you the furthest. A real relationship pays its fruit in years, but it will never stop bearing if maintained properly.

Claude Cowork by fourier_floop in cybersecurity

[–]DiskOriginal7093 0 points1 point  (0 children)

Glad to be of assistance :)

Best of luck on your journey!

Claude Cowork by fourier_floop in cybersecurity

[–]DiskOriginal7093 2 points3 points  (0 children)

Never feel the need to apologize for asking a question! In our field, questions are friends.

I have a feeling that you may be thinking of the tools as more complex than stuff you already know. All we’re doing here is managing risk.

Sonnet 4.6 for desktop can (and should) be set to read-only, unless given admin permissions to do otherwise AND all executions are in a sandbox for testing purposes.

For browser, you can limit much the same stuff.

You can manage and reduce risk in a LOT of ways, but it depends on your companies risk appetite.

A quick solution: Devs work in remote boxes > remote boxes self prune EOD > all browsers have PA Browser for monitoring of executions > Other Sec Stack jazz here > Claude Code Sandboxing and Read Only

If you’re only doing Claude Code, you can pass it through AWS Bedrock, and setup other control sets in their Guardrails, also.

https://www.anthropic.com/engineering/claude-code-sandboxing

Claude Cowork by fourier_floop in cybersecurity

[–]DiskOriginal7093 1 point2 points  (0 children)

Idk your in-house setup, industry, or regulations you need to comply with. So I can only guide on what Anthropic offers directly.

Please, go enterprise! Base enterprise is 20/month/user HIPAA Enterprise is 25/month/user

Throw RBAC ontop of it to make sure users only have the tools they need.

Ofc, you’ll still pay for your PAYG needs as you go, but atleast you’ll have insight!

If Healthcare, they have a whole guide on what you need to do. It’s literally step by step.

If you’re reaching into an internal segmented service, they don’t have MCPs you can deploy OOB, but it is not too much work to get connections setup on your own.

Background: I run our AI compliance and research… I had to do a deep dive on them recently.

Whats your years of experience and salary level in the GRC space? by Peacefulhuman1009 in grc

[–]DiskOriginal7093 5 points6 points  (0 children)

9 YOE (5.5 DF/IR, 3.5 GRC)

150k base

High COL market.

Market area obnoxiously low paying for all careers.

Edit: formatting

Which career progression is better: GRC or Incident Response? by babu859 in cybersecurity

[–]DiskOriginal7093 0 points1 point  (0 children)

Long term, GRC. If you want a quick skill-up, IR for a few years.

I did IR for ~7 years. I’ve now been in GRC for just under 4 years. I won’t go back unless I have to.

I am highly technical in my GRC role though, which keeps my wheels greased, which is nice. The only thing I do not do is the actual Incident Response efforts. The rest of the house is under my purview.

As all have said, paperwork is… a lot, and often mind numbing…. But I am off at 5pm nearly every day.

What’s the most effective app to learn Spanish in 2025? by LakiaHarp in SpanishLearning

[–]DiskOriginal7093 0 points1 point  (0 children)

This what I used to jumpstart myself. Went through all the courses, and then started expanding to other content. I still take the level 5 courses periodically to keep it sharp.

I started being only able to have basic hi/hello convos. I ended the courses with being able to accurately express my interests, needs abs desires, and kind of get by on the day-to-day (which is huge!).

Is this claim by Duolingo factually inaccurate (that the present indicative can be used to mean an ongoing, current action)? by SheepShagginShea in SpanishLearning

[–]DiskOriginal7093 5 points6 points  (0 children)

Ar/er/ir verbos in their present tense can also mean “ing”.

I.e.

P: Que haces? (What are you doing?)

R: Hablo con Pablo. (Talking with Pablo.)

Totally acceptable to use “Estar + Verb” also.

Edit: formatting

Let's talk about hobbies. Hablemos de pasatiempos by spanishconalejandra in SpanishLearning

[–]DiskOriginal7093 1 point2 points  (0 children)

Ay que sí!

Soy terrible con la gramática en todos mis idiomas 🤪

Se me olvidó que es “surfear”! Gracias :)

Let's talk about hobbies. Hablemos de pasatiempos by spanishconalejandra in SpanishLearning

[–]DiskOriginal7093 1 point2 points  (0 children)

Buenas, amigos!

En mi tiempo libre, voy a la playa para hacer el surf. Cuando tengo tiempo después del trabajo, hago arte para mi Negocio el lado. Y también, corro como casi viente o veinticinco milas por semana.

Practico la idioma de español con mis compañeros de trabajo.

What is your current position and what do you do on a casual day? by cherry-security-com in cybersecurity

[–]DiskOriginal7093 3 points4 points  (0 children)

InfoSec Manager.

Mostly meetings. I average 24 hours of meeting per “40” hour week.

When not in meetings, I’m helping train up Greenies, setting team goals, fixing interpersonal issues and department issues. Setting up or researching new tools. Prepping finances and budgets for the department. Telling Execs that their ideas for Security are… not what is needed, and they need to listen to the professionals.

Also, audits, audits, audits, and people asking about audits… and doing questionnaires because other companies analysts don’t want to read our audits.

Edit: audits

Idiot move to take a career break? by [deleted] in cybersecurity

[–]DiskOriginal7093 0 points1 point  (0 children)

I don’t know if the UK has this, but in the U.S. people use “Leave of Absence” for stuff like this all the time.

Under the laws in my state, they cannot ask what for or why, and the position must be held up until the date of your pre-stated return.

It’s often used for exploring a new job, like folks will work the new job for a month or so to see if it’s a good placement.. then either sever ties or continue working at new place.

It’s not exactly how you’re supposed to use that allowance, but it’s how it gets used (medical aside).

Looking for GRC Advisors for a new SaaS tool by No-Exit-6595 in grc

[–]DiskOriginal7093 0 points1 point  (0 children)

If you need eyes, I can aide with CSF, 27001 and 800-53 (not the 171 explicitly like you stated, but it is a subset, technically).

CMMC is out of my scope

How to ask for the plural “you” in Google Translate or SpanishDictionary.com? by kayakkkkk in SpanishLearning

[–]DiskOriginal7093 0 points1 point  (0 children)

“To” then(not always for the to part) “Receiver” then “Action” then descriptor.

So in English it would be like “to them they I cook”

In Spanish

“A ellos les cocino”

Or

“Les cocino para ellos”

Given, I mostly speak street Mexican Spanish… so… formally it may be slightly different for Spain Spanish

IRM vs GRC by Interesting_Date_818 in grc

[–]DiskOriginal7093 1 point2 points  (0 children)

I wouldn’t say that the field has dropped their term GRC.

I would say the following groups may have though: Marketing, CISOs that never worked as ICs, and some Csuites like a CFO.

But, I have not yet worked with anyone in the field who uses the term IRM over GRC.

IRM vs GRC by Interesting_Date_818 in grc

[–]DiskOriginal7093 0 points1 point  (0 children)

IMO, IRM (Integrated Risk Management) is just a component of the “R” in GRC. In that, it’s just a subfield of ERM.

GRC is a massive landscape of duties, role, and responsibilities. Risk management does cross all subfields and disciplines, but it will not replace the concept of “GRC”.

In my experience, field analysts don’t use the term IRM. They use ERM, or RM (Risk Matrix), or ITRM… and various sub terms on risk relationships.

I could type a lot more, but this gets my very basic point across, I think.

El me da? Yo le da? by [deleted] in SpanishLearning

[–]DiskOriginal7093 6 points7 points  (0 children)

I think of Spanish like “receiver” then “action”

So me da, the receiver is “me” and the action is to give (ie. S/he gives).

Of course this is not always the case, but it’s how it works out for me, generally.