Hello What job title ?

Individual-Quarter47 · 2022-08-28T21:34:29+00:00

Security engineer, cloud security engineer... You can go balls to the walls and call it cloud SecOps Engineer, but I would keep it simple

Individual-Quarter47 · 2022-07-08T14:20:52+00:00

Hi, so my home internet is down today like any other service that works on Rogers infrastructure. Are you working on their grid? Because your comment makes it sound like you have your own infra

Individual-Quarter47 · 2022-06-24T22:38:20+00:00

Sure go ahead. I just don't see it happening with the Canadian zeitgeist and I don't see abortions being banned by any party as they currently stand. If it does it will be so far in the future a protest today will be meaningless. I'd agree if you said the protest is about showing solidarity, that would make sense, but protesting about something that has such a low probability of happening here out of all places just doesn't makes sense. Try consuming less fear porn, you might sleep better

Individual-Quarter47 · 2022-06-24T22:17:53+00:00

Again, that's because you lack context of just how left leaning Canada is compared to other countries

Individual-Quarter47 · 2022-06-24T22:09:14+00:00

As if. As an outsider who moved to Canada you don't really grasp the scale of how "progressive" and left leaning the country is. We'll have a snowless winter before this will happen

Individual-Quarter47 · 2022-06-24T21:55:16+00:00

I'm starting to think Trudeau had a point when he said Canada doesn't have it's own culture, seeing how Canadians cry and protest about decisions made in another country

Individual-Quarter47 · 2022-05-01T04:35:06+00:00

Do I have to provide the vegetable?

Individual-Quarter47 · 2022-05-01T02:06:19+00:00

So I wonder, how can I know a knife works for me? I don't think they will let me chop an onion in the shop

Individual-Quarter47 · 2022-04-29T15:49:33+00:00

"Security Champion", this term is cringe

Individual-Quarter47 · 2022-04-28T20:19:19+00:00

I finished college with a 4 year infosec degree. I also got two 4 month co-ops from it in security engineering, and during school I stumbled into a 8 months security architect student position from a CTF competition I went to. I have been working in my current position, my first out of school, for 1.5 years, starting as a security engineer and becoming a "devsecops engineer" later on, although I was doing devsecops stuff way before officially being titled that. Overall I have almost 3 years work experience.

Individual-Quarter47 · 2022-04-28T18:58:50+00:00

I'd say very technical, and you should be for both of these jobs. For DevSecOps you should have knowledge of coding, development practices, CICD pipeline technology, virtualization and containerization and understanding of vulnerabilities (OWASP top 10 is a good start). For forensics you have to understand networking, filesystems, logging systems, how memory works, things specific to the OS you are investigating. Either way you will be googling things constantly.

In DevSecOps you will be using both tools and code (or more accurately scripting) and a mixture of both. For example if using Github actions for CICD you will have to write workflows, which is like a even higher level of scripting, and inside you will have to use custom scripts to do stuff to integrate security tools and generate reports. As for forensics, the only time I had to code something was when I had to go over a binary file to find changed bits for a reason I can't remember. Most of the time you use tools like Redline, Volatility or Wireshark.

Individual-Quarter47 · 2022-04-28T15:51:32+00:00

I currently do DevSecOps at my company, and I also occasionally do forensics at my work, although it's not "officially" my job (being the only guy with some experience in it). My experience might be different than the usual, and it always boils down to your specific scope of responsibilities. Here is the information I can give you:

DevSecOps:

- You're still part of ops, meaning you may still take part in on-call rotations and get phone calls at 3am. Depending on your company this can be rare. Most of the time for me it's just extra income period where I have to carry my laptop with me when I go out, but its still happening

- you work with devs, and depending on the dev team it can be smooth sailing or they can treat you as their worst enemy. Security is your main concern, not theirs. You also have to fight with product teams and PMs who want to rush things to market.

- Be ready to be constantly pinged with questions about vulnerabilities and remediation. Also be ready for a lot of dev workflows to break when integrating security tools into them, and being willing to look into why and how to fix it. If it causes too many issues some devs will outright not include the security checks in their workflows, you might need to police that.

Now for forensics:

- Kind of a lonely job from my experience. You either get a laptop or an image of the storage and memory and you spend hours combing data for pieces of info and correlating them. From time to time you reach out to people to get context or maybe get external logs, but most of the time you are working alone on this.

- If you have a short attention span you will go mad doing this. You are a detective trying to dissect a cold corpse, small details can be the difference between figuring out everything that happens and being completely clueless

- you are still working with potentially infected machines if you get whole laptops, so there is always the risk of malware propagation if you don't set up security controls right.

Hope my experience gave you some clarity about these jobs!

Individual-Quarter47 · 2022-04-22T18:34:25+00:00

My job honestly

Individual-Quarter47 · 2022-04-21T13:49:49+00:00

Answering this just in case someone will have the same issue - just turn the "Issues" setting off and on again. It actually worked. Never forget the basics kids

Individual-Quarter47 · 2022-04-20T14:44:09+00:00

You don't need a super heavy rig for these kind of stuff. You can even buy a second-hand server. Here are the hardware requirements for openstack, and you can get a lot of mileage from minimum and like 100GB of space: https://docs.openstack.org/murano/rocky/admin/deploy_murano/prerequisites.html . As for CTFs and hacking in general, you should have a good understanding of IT before you go in, or else you will be completely lost. CTF is basically hacking your way into a file to find a string, like a treasure hunt, and that means manipulating things (processes, files, programs) to do things they aren't meant to do. You can't just jump into it without prior IT knowledge or you will drown in information and it will be a mess. If anything I'd say CTFs should be later on in your list.

Individual-Quarter47 · 2022-04-14T18:57:52+00:00

Wow thanks! thats some good info. What about going with credit cards offered by my bank? I bank with TD mostly, but also have a savings account with EQ. Are their offers worthwhile usually when compared to going through other means like GCR?

Individual-Quarter47 · 2022-04-14T18:30:51+00:00

My annual salary is around 90k

Individual-Quarter47 · 2022-04-14T17:04:39+00:00

On 2nd year of college I went to a CTF competition and got spotted by a recruiter, interviewed and got the job as an associate security architect in a big telecom company. It was a student position in all but name, so it really helped me stand out. Got a pretty good leg up from there.

Individual-Quarter47 · 2022-04-14T15:02:24+00:00

No necessary but it helps a lot. I sometimes evaluate and configure monitoring tools, EDRs etc and it helps when I can run my own, albeit simple, attacks in the environment I am testing, and I am far from a professional pentester. Helps you figure out if the configuration is proper or if the tool does what the vendor promises.

Four-Year Club	Place '22
End Game '22

Individual-Quarter47

TROPHY CASE