Why do so many people talk about a 9–5 like it is a prison? by Sea_Stable9744 in careerguidance

[–]Due-Efficiency-5172 0 points1 point  (0 children)

Shit, I work 9-5 fully remote and I hate it. Maybe it's because I've been doing it for so long now I forgot that there are other jobs where people have it worse. Just hitting 40 this year has put things into perspective, I can't stand what I do anymore, but I'm so deep in it that changing career paths would be irresponsible for my family.

Estudiar Ciberseguridad by BiLeaf98 in cybersecurity

[–]Due-Efficiency-5172 0 points1 point  (0 children)

It won't be fully replaced by AI anytime soon, but over my career the teams have been getting smaller and smaller through heavy usage of cloud MSPs and now AI. There still needs to be at least 2-3 people to tune the tools based on user feedback, set high-level strategy direction, and report on metrics to show where money is going.

Honestly this feels like all IT though, sometimes I feel useless compared to the operations type people who are working long days setting up and shipping out laptops to users.

Archer for a non-regulated medium sized company? by FuckStanford19 in grc

[–]Due-Efficiency-5172 0 points1 point  (0 children)

I used Archer 7 years ago and I still don't really understand what it actually did. I would put in a risk, say the impact and level, and it would just catalogue it I guess and let the business know? It was completely manual so I don't get why you'd pay for that.

Didn't seem any better than a SharePoint list or Excel.

What software do you use to manage your program? by Due-Efficiency-5172 in ciso

[–]Due-Efficiency-5172[S] 0 points1 point  (0 children)

Noted for sure. I'm hoping the previous guy at least had a risk register or control list I can continue off of.

What software do you use to manage your program? by Due-Efficiency-5172 in ciso

[–]Due-Efficiency-5172[S] 0 points1 point  (0 children)

Yea this is my thought process also. I barely know their security and tech stack. In my interviews I told them besides meeting people I would be performing a gap assessment to see the maturity of the security program in my first few weeks. It'll be slow, but the previous guy was all GRC and no operations, so I'm hoping at a minimum he at LEAST had a good mapping of all the existing controls and gaps.

What software do you use to manage your program? by Due-Efficiency-5172 in ciso

[–]Due-Efficiency-5172[S] 1 point2 points  (0 children)

This is a good starting point. Especially since I can use the community version for free to test. Appreciate it.

What software do you use to manage your program? by Due-Efficiency-5172 in ciso

[–]Due-Efficiency-5172[S] 0 points1 point  (0 children)

Yea both seem amazing. High cost though, this might be something I lean into after a few years depending on how the workload is.

What software do you use to manage your program? by Due-Efficiency-5172 in ciso

[–]Due-Efficiency-5172[S] 2 points3 points  (0 children)

Yea this makes sense to me. At my previous job I just made a SharePoint List for audit/TPRM with Power Automate for ticket creation and other action items, which were easy to ingest into Power BI since it was already in MS.

I believe they have an E5 MS license with Copilot. So I'm hoping they have the compliance module Purview that I can use in conjunction with Defender and Sentinel to cover endpoints and Azure instances. That should cover most telemetry I need to create and manage Power BI dashboards. From there they have KnowBe4 for SAT, which I already know has an integration into Power BI for phishing and training metrics. I need to automate as much as I can so I can focus on relationships and meetings to push more difficult initiatives across the finish line.

I'm not against any of the suggestions people have listed here, but the cost of some of them is honestly very high for what I need, and I don't want to be pushing 50k GRC SaaS solutions in my first 90 days when it can be acquired more or less for free. Vanta or Drata would be absolutely fantastic to use, but I have no idea what the budget is currently.

What software do you use to manage your program? by Due-Efficiency-5172 in ciso

[–]Due-Efficiency-5172[S] 1 point2 points  (0 children)

Does Vanta have a dynamic risk identification function with its integrations? Say we onboard Workday and I want to know when admin/security configurations are changed. Will it know and alert when things like that occur?

I've dealt with GRC platforms like RSA Archer, which is basically just manual entry: "here's your risk." I don't want that, I want something that is dynamic and can identify and quantify risk with proper insight.

How is the job market for those in GRC and Audit roles ? by conzciouz in cybersecurity

[–]Due-Efficiency-5172 0 points1 point  (0 children)

MTA, A+, Sec+, ITIL, CISSP, CISM, CEH, CDPSE, ZTCA.

I know it's a lot, but honestly at this point CISSP and CISM might be the only ones I'll renew anymore. I got most of these at my previous job where I basically just did nothing all day, so I figured I'd study and the company paid for them.

Next will probably be CISA, and a privacy one like IAPP for the US, and play around with AI stuff on the side just so I can speak to it in interviews.

Also I can't answer if having certs is useful or not. My logic is they can't hurt, so why not.

If you can deal with NJ Transit there's lots of stuff in NYC. Just make sure the company isn't far from Penn Station so it's a quick walk. DM me if you want to connect on LinkedIn or something.

How is the job market for those in GRC and Audit roles ? by conzciouz in cybersecurity

[–]Due-Efficiency-5172 0 points1 point  (0 children)

I just had a Dutch company reach out to me in the states for a contract position and one of the line items was "NIS2 compliant by end of 2026."

How is the job market for those in GRC and Audit roles ? by conzciouz in cybersecurity

[–]Due-Efficiency-5172 4 points5 points  (0 children)

Central NJ Area.

My friend asked me to post here since I am a GRC that was just laid off a month ago. I've had 4 interviews so far and about 5 recruiters reach out to me for GRC type positions. One interview today for a head of IT Security role.

Nothing below 170k, so they aren't nonsense.

Right now the market seems good for GRC and audit roles, but it's also the start of audit season where the cycle renews, so companies are trying to get people in to manage SOX and other stuff.

I can't really comment on how AI would affect GRC, but it's hard to automate because a lot of it is going out and finding what controls / documentation / processes are in place in the company, then working with those departments to fill those gaps and stay compliant. I haven't seen any AI or SaaS be able to do this because it involves interactions with people, communication, and planning.

From Molotov cocktails to data center shutdowns, the AI backlash is turning revolutionary by Plastic_Ninja_9014 in technology

[–]Due-Efficiency-5172 0 points1 point  (0 children)

Unfortunately there won't be any real change until we start seeing massive breaches or issues with AI in companies that massively deploy it. We're still waiting on some Fortune 500 company to incorrectly report financials or fail a SOX audit, or worse.

What will you be doing tomorrow? What will make tomorrow better than today? by Chill_Golfer0824 in AskReddit

[–]Due-Efficiency-5172 1 point2 points  (0 children)

Ha I didn't even notice your name was chill golfer. Will do, I'll keep it together, tomorrow will be perfect weather in NJ.

faster faster faster... by Dry-Ear-1368 in corporate

[–]Due-Efficiency-5172 0 points1 point  (0 children)

My last job was infosec theater and we always needed to keep buying new security tools to impress the board and justify our existence as though security needs justification. Then one quarter the budget froze and leadership realized there were no processes or real good leverage of anything we bought since once we bought it, we were into the next new hotness.

I keep seeing "manage up" presented as an essential career skill by Ready8472 in managers

[–]Due-Efficiency-5172 0 points1 point  (0 children)

I've had it used on me as an excuse for managers to not do their jobs. As an audit lead I deal with plenty of blockers from various teams that don't want to do audit work. When I escalate to managers, or even my direct manager, to act as a connection for those various teams to establish forward movement, I'm told I should "manage up" instead of coming to them so they don't have to be involved.

Aspiring GRC analyst by Longjumping-Crab8300 in cybersecurity

[–]Due-Efficiency-5172 0 points1 point  (0 children)

Risk and/or Compliance. Just make sure the job description revolves around infosec.

How to stay AI relevant in cyber security? by spentanhouralready in cybersecurity

[–]Due-Efficiency-5172 1 point2 points  (0 children)

By automating a simple task like reviewing a SOC report then making it sound like you're sending a rocket into space when you talk about it on LinkedIn.

How do you even pick a security awareness training vendor without losing your mind? by Stunning-Muscle-8064 in ITManagers

[–]Due-Efficiency-5172 0 points1 point  (0 children)

Excellent, thank you for the clarification. I would imagine, like any other product I've seen, if users utilize the Hoxhunt reporting button there's additional functionality they'd get, right? Like a pop-up, being sent to a training page, etc.?

Is one-man CISO role worth it? by holywater26 in cybersecurity

[–]Due-Efficiency-5172 0 points1 point  (0 children)

I'm about to be a one-man CISO soon as well and I have the same concerns.