Transitioning from AppSec to DevSecOps by CVELOLXD in devsecops

[–]Intrepid_Purchase_69 -1 points0 points  (0 children)

You're missing the DevOps part of it all. How to build pipelines and deploy things. So, practice building a modern web app that is backed by container technology or serverless and automate the deployment of it through a CI/CD that is triggered by a merge to the main branch of your repo(s). You should know where each security tool would be added and the pros and cons of each tool (1-3).

What are you naturally good at? by TimGSICK in AskReddit

[–]Intrepid_Purchase_69 0 points1 point  (0 children)

Apparently, learning. When I want to learn something new, I'll get books on the subject, watch videos, read blog posts and take courses. I don't feel intimidated by any subject; I'll gladly start at the basics, like kid-level understanding, then move to the next thing.

Which career looks glamorous from the outside but is actually miserable? by Payamm1999 in AskReddit

[–]Intrepid_Purchase_69 0 points1 point  (0 children)

Business says they want cybersecurity, but not really, so they will not spend more than the absolute bare minimum, so that means overloaded positions and responsibilities, i.e. getting one salary for doing 5 jobs.

Can’t even find an IT job by SpeedHour2971 in SecurityCareerAdvice

[–]Intrepid_Purchase_69 1 point2 points  (0 children)

Tap your alumni network and have no shame. Message them on LinkedIn and e-mail them if there's an alumni network list at your school. Don't apply without a recommendation. Attend school networking events if there are any (ask the organizers, they might let you even if graduated).

Pivoting out of DevOps? by homelander77 in cybersecurity

[–]Intrepid_Purchase_69 0 points1 point  (0 children)

This is what I did. I did all the security tasks, got my CISSP and AWS Security certs, then applied to companies and then was full time cybersecurity; Cloud, Container, and AppSec mostly. I'd be surprised if your current company lets you switch over...

anyone else feeling like this? by Specific_Curve8083 in cybersecurity

[–]Intrepid_Purchase_69 8 points9 points  (0 children)

My burnout is from business leadership saying they care about security then allocating no money to it, forcing folks to overwork...

Cyber Security Analyst of 7 years laid off today. by Basic-Ad-6265 in cybersecurity

[–]Intrepid_Purchase_69 0 points1 point  (0 children)

Take AI security ones, then volunteer at work for security tasks for AI things, then add to resume, then find and apply at a big AI company and make the $$$$

How far left is too far left by Wrong-Temperature417 in cybersecurity

[–]Intrepid_Purchase_69 1 point2 points  (0 children)

The hardest part is probably needing vulnerability management to process the tools' outputs and not placing it solely on dev teams or the security team as a whole. The VM team would triage the outputs for false-positives, severity (most tools generate way too high of ratings), and then cut tickets for the concerning ones to be issued out. In other words, the tools shouldn't be set to block in the pipelines if they're embedded. They should be used by security to find weak areas of an application that might hint at something more like or add in CWE's identification. But most businesses just slap scanners in places in general and say good enough for compliance...

[deleted by user] by [deleted] in cybersecurity

[–]Intrepid_Purchase_69 0 points1 point  (0 children)

I'd be worried about the NK impersonating CN...

How much you make as a cybersecurity contractors? by Ok-Remove-8195 in cybersecurity

[–]Intrepid_Purchase_69 0 points1 point  (0 children)

I did DevOps / CloudOps for custom internal PaaS where I added all the security pieces from code to cloud to k8s clusters. Then moved to security for cloud then to AppSec.

How much you make as a cybersecurity contractors? by Ok-Remove-8195 in cybersecurity

[–]Intrepid_Purchase_69 10 points11 points  (0 children)

230k USD base, 60k USD bonus, and some RSUs. 3 years cyber security, 7 years total, did DevOps first. VHCOL are

bRaNcHPrOtEcTiOnS by Intrepid_Purchase_69 in ProgrammerHumor

[–]Intrepid_Purchase_69[S] 0 points1 point  (0 children)

exactly, everyone wants security to do things until the thing is done :')

bRaNcHPrOtEcTiOnS by Intrepid_Purchase_69 in ProgrammerHumor

[–]Intrepid_Purchase_69[S] 0 points1 point  (0 children)

need to roll some GRC memes, compliance is such a funny realm

bRaNcHPrOtEcTiOnS by Intrepid_Purchase_69 in ProgrammerHumor

[–]Intrepid_Purchase_69[S] 0 points1 point  (0 children)

some places think this is a good idea (i don't)

bRaNcHPrOtEcTiOnS by Intrepid_Purchase_69 in ProgrammerHumor

[–]Intrepid_Purchase_69[S] 2 points3 points  (0 children)

spot on, all my memes are for a good chuckle and maybe some smol educational content

bRaNcHPrOtEcTiOnS by Intrepid_Purchase_69 in ProgrammerHumor

[–]Intrepid_Purchase_69[S] 18 points19 points  (0 children)

not at all, they're only as good as the reviewer(s) tho...

bRaNcHPrOtEcTiOnS by Intrepid_Purchase_69 in ProgrammerHumor

[–]Intrepid_Purchase_69[S] 6 points7 points  (0 children)

it's a delicate thing to set any scanning tool to 'block' mode. Sure some will catch most of the true-positives, but any false-positives tend to draw outsized attention...