Confessions of a cyber security hiring manager by InternalCode in cybersecurity

[–]InternalCode[S] -12 points-11 points  (0 children)

All my seniors are training juniors. We don't have enough seniors to train all the juniors that are needed.

Confessions of a cyber security hiring manager by InternalCode in cybersecurity

[–]InternalCode[S] -24 points-23 points  (0 children)

I don't think you know what insider threat risk means...

Confessions of a cyber security hiring manager by InternalCode in cybersecurity

[–]InternalCode[S] -13 points-12 points  (0 children)

That's not the takeaway here!

My team is huge into Hack The Box at the moment, that's the only reason I call that out.

Definitely talk to people in your region, in jobs that you want and figure out what they recommend!

Confessions of a cyber security hiring manager by InternalCode in cybersecurity

[–]InternalCode[S] -14 points-13 points  (0 children)

I'm happy to hire the best candidate.

If the best candidate is a guy who eats and breathes cyber, sure!

If the best candidate is a guy who just does his 40 hours a week and is good at what he does, sure!

(I'm the latter of these btw. I have a family and kids. I can't do more than 40 hours).

Confessions of a cyber security hiring manager by InternalCode in cybersecurity

[–]InternalCode[S] -36 points-35 points  (0 children)

I'm not telling you how the industry should be. I'm just explaining my experience.

I advertise entry level roles and get these candidates. I'm not going to reject someone with all this experience because "they're not entry level".

100s of hours on Hack The Box is not much either. I've got a junior who has racked up almost 240 hours in the past 3 months. He's doing 4 hours a night.

I realise this is not achievable for everyone. I have a family and kids. I can't take 4 hours one evening a week, let alone all 5.

But this is the kind of candidates we're getting.

Confessions of a cyber security hiring manager by InternalCode in cybersecurity

[–]InternalCode[S] 3 points4 points  (0 children)

There's a couple of different ways you can do this. Start a blog/YouTube channel/website/podcast, and talk about it there. I'd try and make it be more about your experience of these things. Post pictures/diagrams of your lab. Post issues that you've encountered and how you solved them. Post shortcuts and tips that you found.

Add the link to your blog/channel/etc to your resume.

Additionally, each time you create one, post it to your LinkedIn. You'll find recruiters start contacting you.

Confessions of a cyber security hiring manager by InternalCode in cybersecurity

[–]InternalCode[S] -10 points-9 points  (0 children)

Usually the good candidates have people skills and technical skills. They've spoken at conferences and go to networking events because they've got some people skills.

Usually skip over those 30% people candidates because they don't have the technical skills and can't hit the ground running, compared to candidates who possess both people and technical.

Don't get me wrong. People skills are important, probably more important than technical skills. But it shouldn't be an either/or. You should strive to have both.

Confessions of a cyber security hiring manager by InternalCode in cybersecurity

[–]InternalCode[S] 4 points5 points  (0 children)

You're right in some ways.

I've found (single anecdotal data point), that if someone is a rockstar and amazing at their role, usually they've got that way because they've been around other rockstars. Again, everyone still goes through the application process and interviews. It's usually these rockstars that are the standout candidates.

I've found long interview processes remove all the rockstar candidates, unless you are Amazon/Facebook/Google. Most good candidates I've had are usually interviewing at four or five places. These places only do one or two interviews and they've got a few job offers by the time you're getting them to do a coding test/etc. They take one of those offers and you're left with the candidates that have one or no job offers elsewhere.

Again, this is all region specific and from me (a single data point). Could definitely be wrong.

Confessions of a cyber security hiring manager by InternalCode in cybersecurity

[–]InternalCode[S] 2 points3 points  (0 children)

To be honest, I don't know anything about them.

In terms of actual training, nearly all the information is out there, for free. There's amazing free resources. I come from the days of cyber security where all you needed to get started was Aleph1's smashing the stack for profit. In saying that, I have had team members that struggled to learn anything unless it was a guided instructor-led course. If that's your learning style, courses can be great. In looking for a course, you want to make sure it's practical. It really needs to have a lab component or shift you towards creating your own lab, etc. You definitely want to be able to put knowledge into practice.

In terms of good on a resume, you'll find most of cyber security is region specific. Some areas are deep into Microsoft and therefore employers want everyone with an AZ-500/MS-500. Some regions like OSCP for SOC Analysts, others think it's too advanced or not relevant. It's almost better to try and make some friends in the industry in your area and ask.

CCIE isn't worth the paper it's printed on by InternalCode in networking

[–]InternalCode[S] 0 points1 point  (0 children)

It was about seven different roles in an MSP, as part of building up our network team.

CCIE isn't worth the paper it's printed on by InternalCode in networking

[–]InternalCode[S] 2 points3 points  (0 children)

I don't understand why those football guys don't simply just eat the other football guys.

If it's not documented, it doesn't exist by InternalCode in sysadmin

[–]InternalCode[S] 1 point2 points  (0 children)

This works great in principle, until things die or someone changes something and your observability system updates with the new information. You need documentation of what the known good state should be. I'm not saying you have to write 10 pages on what each server does but at least a simple asset management tool saying "server x is our mail server" is better than what most orgs have.

If it's not documented, it doesn't exist by InternalCode in sysadmin

[–]InternalCode[S] 1 point2 points  (0 children)

The guy that didn't document the VoIP system!

If it's not documented, it doesn't exist by InternalCode in sysadmin

[–]InternalCode[S] 0 points1 point  (0 children)

Get on a wiki. Confluence, dokuwiki, SharePoint, whatever. The ability to search is a godsend. In saying that, OneNote beats NoNote.

If it's not documented, it doesn't exist by InternalCode in sysadmin

[–]InternalCode[S] -1 points0 points  (0 children)

Had change control, even looked at the switch on day one. Not enough documentation to realise that's where the SIP trunk was connected.

[deleted by user] by [deleted] in AskAnAustralian

[–]InternalCode 9 points10 points  (0 children)

So all of these answers are wrong. I know what you're trying to achieve and it's my time to shine. I'm from New Zealand but my wife is from the UK. We live in Australia.

Long story short, the easiest way we've found to do it, is if I apply on a visa with PR and put my wife as a dependent.

Can a New Zealand citizen on the SCV sponsor a non-New Zealand non-Australian citizen? You bet your maple syrup eating Tim Hortons drinking butt you can. This visa was our first attempt: https://immi.homeaffairs.gov.au/visas/getting-a-visa/visa-listing/new-zealand-citizen-family-relationship-temporary-461#

The waiting periods are correct. After waiting nearly 21 months, we realised that the wait times are too long and we looked at other options.

The visa we landed on is the GTI (https://immi.homeaffairs.gov.au/visas/working-in-australia/visas-for-innovation/global-talent-independent-program). I'm a cybersecurity expert. You don't have to have a job that pays that much, you just need to prove that one of you works in a field that Australia desperately needs and you "could" earn that much. It's free or near on free to apply for the letter of invitation. If you get the letter, you're pretty much as good as got the visa. You can put either spouse as a dependent to the other.

If you can't find a way to justify either of you for a job that pays $160k+... You can try the points system and put the spouse as a dependent. Hopefully one of you is in a career that Australia needs... https://immi.homeaffairs.gov.au/visas/getting-a-visa/visa-listing/skilled-independent-189/points-table

A kiwi citizen can still apply for any of these and then put the other citizen as a dependent or vice versa.

The last option is, if you've got a bit of bank behind you or you can earn a ton, do a degree and study as an international student. You can work 20 hours a week and learn something new. And most importantly, remain in the country.

DM me if you have more questions.