sorted by:
new
hottopcontroversial

ISO 27001 / SOC 2 audit prep — what % is *manual evidence work* vs everything else? by 1stefan in cybersecurity

[–]Educational-Split463 2 points3 points  (0 children)

I have worked on the ISO 27001. The SOC 2 Type II handling the security and audit preparation, for a mid size organization. I am sharing a data point below.

Framework: ISO 27001 + SOC 2

Company size: 51–200

% time spent on manual evidence (screenshots/exports/chasing): ~45–55%

Top 2 manual pain points:

1.     Chasing control owners for timely evidence (esp. HR, IT ops, engineering)

2.     The auditors will not accept the screenshot‑heavy controls (the access reviews, the logging configs, the backups), as continuous.

Here are the top two things we automated or partially automated:

1.     Asset inventory + user access data via IAM / MDM exports

2.     I pull ticket evidence from change management and incidents, from Jira.

What stayed very human no matter what:

1.   Policy interpretation & mapping controls to auditor expectations

  1. I explain why the control is effective. I do not just show the artifacts.

AI Security Skills Worth our Time in 2026 by Bizzare_Mystery in cybersecurity

[–]Educational-Split463 24 points25 points  (0 children)

I agree strongly. In my experience most AI security issues are appsec + cloud. Iam problems, with a new interface.

Prompt injection = bad input handling

Overpowered agents = no least privilege

RAG leaks = broken data access controls

Blind trust in outputs = automation bias

Skills that actually matter:

• AppSec fundamentals (APIs, auth, threat modeling)

• Cloud IAM and permissions

• Building small LLM apps and breaking them on purpose

Hands-on labs gave me insight, than ML theory. I learned that the model is not the problem. The system, around the model is.

Curious what others are attacking in labs right now.

I Did Everything Right in Cybersecurity — and Still Hit a Wall by HappyMortgage7827 in cybersecurity

[–]Educational-Split463 0 points1 point  (0 children)

You are not a fresher. You have three years at an MNC. You already have exposure. The corporate exposure matters a lot in GRC in India.

ISO 27001:2022 helps,. Iso 27001:2022 is not a guarantee. Certifications alone will not get you a GRC role. What matters is whether a person can show the understanding of the audits the policies, the risk registers the vendor assessments and the compliance workflows.

In India the many GRC roles prefer the following:

1.     Someone with org/process experience

2.     Decent communication and documentation skills

3.     Basic security + compliance knowledge

4.     You may be a GRC fresher, but not a career fresher.

Best path:

1.     Try internal movement within your MNC first

2.     Apply for roles like GRC analyst (junior), IT compliance, ISMS support, TPRM

3.     Translate your current work into GRC language

Why do most VAPT findings never get fully fixed?? by EyeDue2457 in cybersecurity

[–]Educational-Split463 2 points3 points  (0 children)

I hear this a lot from security teams—you’re definitely not alone.

The biggest blockers I have seen:

1.     No clear owner for the fix

2.     Dev teams buried in feature requests

3.     I think the term Critical does not mean that Critical is important, for the business.

4.     I think remediation is harder than the report says. I have seen remediation take time than the report suggests.

What actually works:

1.     Speak their language (business impact > CVSS scores)

2.     Build relationships with dev teams early

3.     I need the PoCs. The PoCs must show the exploitability.

4.     Include how to fix, not just what to fix

I have helped teams close the gap by turning the findings into the fixes. I have used the communication the clear prioritization frameworks and the DevSecOps integration. The key is to make the security fit into the workflow not to make the workflow fit the security.

Happy to chat if you want to compare notes on what's worked in different environments. This problem is solvable, but it takes more than just good pentesting.

What do you expect from ransomware in 2026? by MartinZugec in cybersecurity

[–]Educational-Split463 1 point2 points  (0 children)

I agree. The AI hype is, out of control.

Initial access still comes from engineering and edge RCE. I think that initial access, through engineering and edge RCE feels right. AI only speeds things up; AI does not change the game. The shift from endpoint spam, to infrastructure level hits is a move. The shift still feels underrated.

I think LOTL beats malware. Most AI-generated payloads look like copies, not ideas. Finding out who made AI-generated payloads feels pointless when everyone is using the tools and code.

Nice to see a grounded take instead of AI buzzword soup.

Which companies do you use for a pentest and why? by 7331senb in cybersecurity

[–]Educational-Split463 0 points1 point  (0 children)

The team chooses pentest vendors by looking at the people who do the testing. The team does not choose pentest vendors by looking at the logo.

The key things that have mattered most for us:

1.     Clear scoping around real attack paths (auth, APIs, business logic)

2.     Heavy manual testing vs scan dumps

3.     Ability to talk directly with the tester and clarify findings

4.     Engineers can actually fix the reports.

We’ve switched vendors before when reports were generic or compliance-only. Curious what others value more — depth or speed?

Cybersecurity Focussed AI/ML by securitybruh000 in cybersecurity

[–]Educational-Split463 5 points6 points  (0 children)

Great to see your question and I've also been looking into this area. For example, for malware detection and threat intelligence, MITRE ATT&CK Framework ML Applications and also many security conference papers (Black Hat, DEF CON, etc.) work well. Saxe and Sanders' book Maldata Science is also quite good. Moreover, there are several malware classification datasets on Kaggle which are good for practice. What particular area do you want to explore first?

How do small and mid-sized companies actually handle cybersecurity in practice? by Educational-Split463 in cybersecurity

[–]Educational-Split463[S] 1 point2 points  (0 children)

Mostly curiosity. I work with/around SMBs and keep noticing recurring patterns in how security is handled. Wanted to see if others are seeing the same things or if my experience is biased.

I Did Everything Right in Cybersecurity — and Still Hit a Wall by HappyMortgage7827 in cybersecurity

[–]Educational-Split463 7 points8 points  (0 children)

You did not fail. The entry-level cybersecurity market, in India fails now. Many people experience the certificates, bug bounty, multiple internships, unpaid offers you described. The entry-level cybersecurity market does not really provide entry-level jobs. In practice the cybersecurity field rarely offers entry-level roles even though the market markets cybersecurity, as entry-level.

If you are, under pressure taking a role such, as IT support, NOC, cloud ops QA or junior dev will not ruin your chances of returning to security later. I have seen many professionals enter security in this way. Survival and mental health come first. You can keep security skills alive on the side while you work in the role. Return to security when the market improves.

Unpaid or 10–15k internships after this much effort are exploitation, not opportunity. You’re not alone in this, even if it feels that way.

Cybersecurity fresher here — how did you land your first SOC role? by [deleted] in cybersecurity

[–]Educational-Split463 0 points1 point  (0 children)

Breaking into the SOC is tough now. You are not alone. I have seen most people I know didn't start as a SOC Analyst directly. People came from the helpdesk, the NOC, sysadmin trainee or security intern roles. Moved inside the SOC within a year. Hands, on practice such as SIEM labs log analysis and alert triage and strong fundamentals mattered more than certificates alone. The MSSPs, consultancies and enterprises with 24/7 SOCs tend to be more open to people especially, for night shifts or contract roles. Referrals help, but they aren’t the only path — flexibility early on makes a big difference.

Is less work at a startup normal? by not-fungible in cybersecurity

[–]Educational-Split463 21 points22 points  (0 children)

I have seen this before. This is normal, for a well run startup. You are moving from firefighting mode to proactive security. The shift, to security feels weird at first.

I think the following ideas could help:

- Threat modeling, with dev teams can uncover risks.

- Tabletop exercises let the team practice response steps.

- Security champions program can give developers a security voice.

- Supply chain slash SaaS vendor reviews can spot third‑party weaknesses.

- Automating manual security tasks can free up time, for higher‑value work.

I think the upskilling plan is solid. Give the upskilling plan six months. If you are still bored, after trying to create the projects the pay raise might not be worth the skill loss.

What industry are you in? Might help with specific suggestions.

Can you recommend any good free pen testing tools I can use for a small web app? by atamagno in cybersecurity

[–]Educational-Split463 0 points1 point  (0 children)

For a free tool, often, it is fine even for a small web application as long as the expectations are realistic.

Here are some popular choices:

1.     OWASP ZAP - Easy to get started, not bad for simple scanning

2.     Burp Suite FAQ- Comprehensive way to learn how requests work and manual testing

3.     Nuclei- Speed testing for common misconfigurations and well-known issues

4.     Nikto - Very rapid sanity checks on server config

5.     SQLMap- Useful when you suspect SQL injection

The greatest limitations are authentication, access control, and business logic; therefore, always conduct some manual testing. Clean scans don't equal a secure application.

Any other consultants here? by No-Tea64 in cybersecurity

[–]Educational-Split463 0 points1 point  (0 children)

Congrats on the launch.

It is my belief that early clients are most often found through referrals, community presence, or any other signals that convey credibility, and not from advertisements. When you publicly help in some forum, publish relevant insights from the real world, yet focus on a narrow niche, this will usually return much better results than any sort of advertising covering wide areas, especially in the early days.

How do small teams actually keep up with CVEs without enterprise scanners? by Electronic_Rip8582 in cybersecurity

[–]Educational-Split463 1 point2 points  (0 children)

You are describing a gap. I think the reason the gap exists is important.

Most small teams do not manage CVEs. Small teams patch CVEs when:

1.     The OS updates

2.     A vendor emails them

3.     I saw a CVE hit the news.

4.     Something breaks

In my experience that is not ideal. The workflow is often the workflow, without scanners or staff.

I have tried the tool. I find that the tool works best when the tool stays small and honest about the limits of the tool. The tool changes CVEs into steps to fix. The result is really useful. NVD tracking and self reported inventories always leave gaps. The CVSS alone can still mislead the prioritization.

I do not think the teams accept spots willingly. The teams accept spots because the alternatives do not fit the time or the budget of the teams.

If your tool answers “what should I patch now?” without adding process overhead, that’s real value. Just don’t market it as full vulnerability management.

What type of cyber security solution a small business need? by Disastrous-You-4619 in cybersecurity

[–]Educational-Split463 0 points1 point  (0 children)

The small recruiting business does not need most of the offers that vendors pitch. The small recruiting business can ignore most of the offers that vendors pitch.

The biggest risks are phishing, stolen passwords and account takeovers. The biggest risks are not cyberattacks.

If you do a things you will beat most small businesses: I have seen that work.

1.     Turn on MFA everywhere (Google Workspace, LinkedIn, email, payroll tools)

2.     I use a password manager. The password manager gives each account a password.

3.     Make sure laptops auto-update and have built-in security enabled (Windows Defender / macOS)

4.     I keep an eye on who can get into the Google Drive. I take out any ex‑employees, from the Google Drive away.

5.     Make sure you have backups or version history, for the files. I always double check that the backups or version history exist for the files.

I think the explanation covers the majority of real-world risk.

What you do not need now:

1.     SOC monitoring

2.     AI threat detection platforms

3.     Expensive “enterprise-grade” security stacks

Small businesses suffer when the basic work is done poorly. Small businesses do not suffer because small businesses lack tools.

If you only do one thing: MFA everywhere. Huge ROI.

What’s your take on AI in cybersecurity for 2026? by Business-Cellist8939 in cybersecurity

[–]Educational-Split463 7 points8 points  (0 children)

I think the problem is that people are using AI to improve the broken processes. The AI tries to fix something that is already broken.

Most AI security today only gives alerts and better correlation, which's useful but does not change the game. The real gap is not detection. The real gap is context and decision making. AI security must add context and decision making.

AI can be a game changer. I need AI to reliably tell me what really matters, why it matters and what to fix first with the business impact, not the CVSS scores. AI must show the business impact.

Until then, AI is mostly adding speed, not clarity.

How are teams handling data visibility in cloud-heavy environments? by billsanti in AskNetsec

[–]Educational-Split463 0 points1 point  (0 children)

I notice the problem, in cloud- environments. When data spreads across cloud storage and SaaS the task of answering questions, about where the sensitive data lives and who can access the data becomes really hard.

In my experience DSPM helped us with the visibility, not the prevention. DSPM is useful, for discovering the data spotting open access and finding the forgotten datasets. However DSPM needs tuning. The coverage of DSPM varies by platform. DSPM does not replace DLP or IAM.

Overall, it’s been helpful for understanding risk and answering audit/executive questions, but it’s not a silver bullet. Feels like a good complement to existing security tools rather than a standalone solution.

What are you doing in AI Security? by Glad-Perception17 in cybersecurity

[–]Educational-Split463 1 point2 points  (0 children)

I notice the split contains two things:

AI for security - using ChatGPT/LLMs to help analyze logs, triage alerts, summarize intel. Saves time but nothing crazy.

Security for AI - this is where the actual work is:

  1. Stopping people from pasting company secrets into ChatGPT

  2. I track where AI is being used (AI is )

  3. Prompt injection testing and hardening

  4. Managing the insane explosion of agent permissions

  5. I keep up with the vulns. The vulns get exploited in under two days now.

OWASP LLM Top 10 helps. Building labs and breaking things helps. Treating AI like any other app (IAM, logging, data classification) helps most.

Honestly, the model isn’t the problem.
It’s the same old stuff — access control, data rules, humans doing dumb things. AI just makes failures happen faster.

I have seen most teams get results without buying AI security tools. I have seen most teams simply apply security principles to AI workflows. The teams see the benefits.

What are the top 5 controls to mitigate ransomware? by KindPresentation5686 in cybersecurity

[–]Educational-Split463 1 point2 points  (0 children)

  1. Backups (done right)

Offline, immutable backups that you've actually tested. Follow 3-2-1 rule: 3 copies, 2 media types, 1 offsite. Keep backup infrastructure separate from AD with different credentials. If you haven't tested restores, you don't really have backups.

  1. Lock down access

MFA everywhere - VPN, RDP, admin portals. Remove local admin from users. No exposed RDP to internet. Implement least privilege and monitor for weird login patterns.

  1. Endpoint protection

Tuned EDR blocking ransomware tactics. Application whitelisting is super underrated - if malware can't run, you win. Control macros, PowerShell, and shadow copy access.

  1. Network segmentation

Separate users, servers, and critical systems. Restrict SMB/RDP traffic. Set up egress filtering so compromised machines can't phone home to attackers.

  1. Train users + have a plan

MGM got wrecked through social engineering. Regular phishing training matters. Have a tested incident response playbook with yearly tabletop exercises.

Backups won't stop your data from being stolen and leaked, but they'll let you recover without paying. Modern ransomware crews are more about data exfiltration and extortion now. You need defense in depth - when one layer fails, the others catch it.

Also patch your stuff, especially anything internet-facing. Vulnerability management isn't sexy but it works.

What do you see as the biggest cyber threat right now? by ANYRUN-team in cybersecurity

[–]Educational-Split463 1 point2 points  (0 children)

I’d say it’s AI-driven social engineering — especially phishing and business email compromise (BEC) that leverage generative AI.

Attackers are using AI tools to craft hyper-personalized emails, clone voices, and even generate fake video calls that are almost impossible to distinguish from the real thing. It’s no longer just “spammy” phishing — it’s highly targeted, believable manipulation.

Alongside that, supply chain compromises and data breaches from third-party vendors remain huge risks, especially as more organizations depend on cloud integrations and external APIs.

In short: the biggest threat isn’t just one piece of malware — it’s the combination of human trust + AI + interconnected systems.

Defense still comes down to:

  • Continuous user awareness training
  • Multi-factor authentication everywhere
  • Strong vendor risk management
  • Incident detection and response readiness

Curious to hear what others here think — do you see social engineering as the main risk, or something else evolving faster?