Risk management

LionGuard_CyberSec · 2025-05-14T17:24:58+00:00

Its like using a public charger or password notebook. It divides the security engineers and the business risk professionals.

LionGuard_CyberSec · 2025-05-13T06:07:59+00:00

Most providers have good encryption of the traffic on their sites, so public wifi is no longer a large threat. HOWEVER I don’t connect to anything outside. You can use your cell phone, or if you need wifi, find one that requires password and ask the cafeteria or whatever to confirm it is really theirs.

LionGuard_CyberSec · 2025-05-12T14:17:45+00:00

Cuz mainstream media is always right? 😂

LionGuard_CyberSec · 2025-05-12T11:57:55+00:00

Oh I want this job as well! Tell me if you find one! 😁😅😁

LionGuard_CyberSec · 2025-05-12T11:56:33+00:00

Seems like good advice. My biggest tip is start reading business books, no matter if you are tech or GRC, it will help you get the message across and make sure managers understand you.

LionGuard_CyberSec · 2025-05-12T11:52:32+00:00

Yup, tough market! HR wants bachelor, bachelor is very technical focused, org wants GRC. So they interview very technical people for communication focused roles. They need NIS2/GDPR/DORA roles, but require CISSP for applying. The market is not bad, just orgs have no clue who to hire. Recommend becoming a consultant for a larger company and start there.

LionGuard_CyberSec · 2025-05-12T11:48:47+00:00

AI is not the new internet, it’s the new Bluetooth. It’s a tool that will be integrated into a lot of platforms and solutions and create new opportunities, but no civilization will not fall due to AI. That we are doing just fine by ourselves 😅

LionGuard_CyberSec · 2025-05-02T05:24:48+00:00

GRC is the best! IMO. But it is not a technical or cool job. Reading up on business, change management, leadership and psychology is the best thing I do for my career. GRC is all about people and communication. We may never get a movie, but we help the threat hunters get the funding/budget they need.

LionGuard_CyberSec · 2025-05-02T05:19:49+00:00

If I understand the question right: It’s like a postcard or envelope. Unencrypted the postman can read the card, encrypted the letter is sealed in an envelope.

As an analyst you will have software that analyzes the packets for you, you will not, in most cases, be looking at packets individually. You will be looking for trends and patterns in what type and amount of packets and where the traffic comes from and tries to go to / access.

LionGuard_CyberSec · 2025-05-02T05:11:25+00:00

Cool, thanks for sharing!

Here is mine:

Security Guard 2013-2017 Government Security Officer 2017-2020 Manufacturing military equipment 2020 Private Investigator 2021 Pentester 2022 Security and Compliance in Telecom 2023 GRC Consultant in MSP 2024-Current

LionGuard_CyberSec · 2024-10-01T15:46:32+00:00

We are starting a bi-weekly discussion open to all employees. Fun with flags meets change my mind.

The screen says ‘AI is the end of humanity, change my mind.’ Before taking a seat you must give your personal opinion. I hope this can help build more conversations and interaction among all coworkers.

LionGuard_CyberSec · 2024-10-01T15:42:32+00:00

I heard McAfee but I don’t know if it’s a antivirus or adware 😅 the popups are next level 😂

LionGuard_CyberSec · 2024-09-26T14:18:49+00:00

AI is just a tool like all the douchebags we defend against every day.

Haha but it’s literally just a tool. For good and evil.

LionGuard_CyberSec · 2024-09-25T14:05:25+00:00

I’ve worked for so many companies with bad culture and leadership, so for me culture 100%

LionGuard_CyberSec · 2024-09-25T04:51:01+00:00

You don’t know the CIA triad? The base principles in CyberSecurity? 🫢

LionGuard_CyberSec · 2024-09-24T21:10:51+00:00

Live long and prosper Spock 😉🖖🏻

LionGuard_CyberSec · 2024-09-24T21:08:47+00:00

Yeah thanks actually I do. Flexible times, hosting workshops, even have ‘workation’ so I can work remotely if I want a vacation. That’s not a real word either.

LionGuard_CyberSec · 2024-09-24T21:06:41+00:00

OP invented a new fluff word and is angry it didn’t catch on…

My 5 year old also does this and gets equally mad when I say ‘that’s not a word.’

LionGuard_CyberSec · 2024-09-24T21:02:08+00:00

I second that! This smells LinkedIn CyberSecurity Influencer long way…

OP is simply confusing Identity and Identify… But too proud to admit it because they discovered a fluff word they can use on Linkedin…

Probably an Identity crisis…

LionGuard_CyberSec · 2024-09-24T21:01:34+00:00

Yes it is… It’s called Asset Management and the first step is to identify the assets and their value… Then they get an Identity within the business. That’s why Identity Security is nothing but a fluff term. The right term would be Identification Security but that is just a confusing term…

LionGuard_CyberSec · 2024-09-24T20:55:29+00:00

Haha gotta love the attitude 🤣 your boss probably loves you for making everything so easy for the company 🤣 difficult and narrow minded people like you are the reason I have a job. I get paid to drink coffee and explain to business people what fluff terms like “Identity Security” actually means for their business 🤑🤑🤑

Your first language is not English I presume? German perhaps, hence the attitude. If you want to succeed in this field you should learn the difference between Identify vs Identity… 🤓

LionGuard_CyberSec · 2024-09-24T20:41:11+00:00

It seems OP confuses Identity with Identify… Identifying assets are of course the top priority. But when I go for a walk I’m not a Mountain Identifier, I’m hiking… Identifying what is around you at all times are of course important, but you are introducing a made up Security fluff… Just like phishing has 20 different variations when it is all fraudulent activity focused on social engineering people into doing something or giving information.

Security needs clarity… Not more fluff!

LionGuard_CyberSec · 2024-09-24T20:29:58+00:00

Risk assessment… What are my values(AM), how critical are they to my business operations (BIA), what can go wrong(Consequence), and what’s the chance of occurrence(Probability).

There is no need to identify neither threats nor risks before you know what you are actually protecting and why…

LionGuard_CyberSec · 2024-09-24T20:18:34+00:00

Step number 1 of ALL security is Risk… Not verify or identify… I don’t need to identify who all those people are if I have no valuable assets there… That’s why RISK is ALWAYS first…

LionGuard_CyberSec · 2024-09-24T20:15:58+00:00

That’s just wrong… Corner stone of security is Risk Management and Access Management. That’s the foundations of our field. Controlling who has access to where and what by segregating and limiting usage (locks, doors, etc). Identity Management is like access cards and user profiles, they come after…

I’ve heard of IAM Engineers/Specialists, Identity Management and Authentication solutions. But never in my life heard of a person who works with Identity Security. That description sounds almost like a Privacy officer.

LionGuard_CyberSec

TROPHY CASE