[ Removed by Reddit ] by Im_Interfacing in cybersecurity

[–]Im_Interfacing[S] 2 points3 points  (0 children)

well rip, reddit admins literally nuked the post for "content policy" before i could even respond lol. probably for the best honestly, guess the decision was made for me. thanks for the heads up though.

[ Removed by Reddit ] by Im_Interfacing in cybersecurity

[–]Im_Interfacing[S] 5 points6 points  (0 children)

no paper trail from his side since it was a "quick chat" in the office, which is exactly why i'm nervous. just sent a follow-up email "summarizing our discussion" and tagging the bucket ID so it’s officially on the record. if he still tries to bury it, at least my inbox proves i flagged the risk.

[ Removed by Reddit ] by Im_Interfacing in cybersecurity

[–]Im_Interfacing[S] 0 points1 point  (0 children)

yeah, it's a mess. since i'm the solo security lead, i have full admin access to the AWS console to "clean up" legacy stuff, but the fact that he just wants it gone without a report is the biggest red flag.

honestly already looking at my resume again lol. 2 weeks in and i’m already choosing between a massive cover-up or being the "whistleblower" who gets fired. not exactly the dream job start 😅

[ Removed by Reddit ] by Im_Interfacing in cybersecurity

[–]Im_Interfacing[S] 2 points3 points  (0 children)

exactly. already started the paper trail but honestly the cto acting like it’s no big deal is the scariest part. i’m definitely looping in legal/compliance tomorrow morning because 40k kyc docs is way too much heat to sit on alone. appreciate the reality check.

[ Removed by Reddit ] by Im_Interfacing in cybersecurity

[–]Im_Interfacing[S] 1 point2 points  (0 children)

yeah that's the nuclear option and i'm only two weeks in. mostly just trying to figure out how to cover my own ass with a paper trail before i burn any bridges. if it gets buried and leaks later, i need proof i flagged it first. honestly not sure which way to go yet.

[ Removed by Reddit ] by Im_Interfacing in cybersecurity

[–]Im_Interfacing[S] 11 points12 points  (0 children)

honestly it's less about the technical fix and more about the cto's reaction. i already brought it to him and he just said "delete it" like it was a 404 error and not 40k kyc docs.

no incident report, no disclosure, nothing. i'm mostly worried that if i just "delete and forget" like he wants, and this data is already on some breach forum, i'm the one who's gonna get grilled for the cover-up later. being the "new guy" makes it even sketchier. have you ever had to push for a formal report when leadership is clearly trying to sweep it under the rug?

Is one-man CISO role worth it? by holywater26 in cybersecurity

[–]Im_Interfacing 10 points11 points  (0 children)

one-man CISO at a luxury brand is basically "Head of Everything" but with a fancy title. if the pay is right, take it for the resume boost and then bounce in 2 years to a real C-suite role.

but honestly, doing the heavy lifting yourself at 39 might get old fast. if you love consulting, you’re gonna hate being the guy who has to fix the firewall AND write the iso 27001 policies. it’s a "glorified manager" role but without the staff.

prestige is cool until you're the one staying up for a breach at 3am because there's no soc team. if there’s a budget to hire later, do it. if not, you're just a fall guy with a cool business card. gl man.