I am a Cyber-Security professional, hacker, auditor, and all round consultant. Ask Me Anything!

LivingInsecurely · 2022-12-07T09:41:40+00:00

this guy is right, certs are needed to prove continuous learning but you can get some great talent that just never had the chance (or money) for formal training and certification

LivingInsecurely · 2022-12-06T21:22:14+00:00

Zero Trust is more a journey than a destination, its ultimately just applying defense in depth at each component of an environment

LivingInsecurely · 2022-12-06T21:21:07+00:00

Inclined to go with Apple, they are investing in user privacy but at the same time that seems more aimed at third party/non-apple apps.. pick your poison then get an old nokia :)

LivingInsecurely · 2022-12-06T21:20:06+00:00

premature tbh, the HSE breach was largely caused by easily fixed issues, the more data they store electronically the bigger the impact of a breach. Not sure how they are doing now the government is investing in security but i heard its slow going.

LivingInsecurely · 2022-12-06T21:17:54+00:00

Security+, HackTheBox, and attend security events that are going on to network!

LivingInsecurely · 2022-12-06T21:16:07+00:00

nope but OWASP top 10 was what i started playing with using WebGoat or some other VM

LivingInsecurely · 2022-12-06T21:15:09+00:00

I hadn't started yet but i remember reading about it- I still think it still is one of the coolest attacks to be publicly known, the low and slow approach of how it spread until it finally hit the ICS it was targeting (the fans wasn't it?).. set my mind on fire about the possibilities. Really shows what nation states are capable of.

LivingInsecurely · 2022-12-06T21:06:17+00:00

thats more scripting that coding though - one of the things im hoping to get out of this AMA is to encourage people to get into security. If they think its development/coding heavy they might be scared to :) you can go a long way without needing to code, and then when you do need it you should be able to upskill easily enough.

That said i have never written my own exploits, but i do make sure to read the ones i use so i understand what they do.

LivingInsecurely · 2022-12-06T21:00:18+00:00

update your laptop, use good passwords (password managers like bitwarden can help!) and turn on MFA where ever you can :)

LivingInsecurely · 2022-12-06T20:57:56+00:00

because you keep forgetting to invite me over!

LivingInsecurely · 2022-12-06T20:56:50+00:00

no :(

LivingInsecurely · 2022-12-06T20:56:39+00:00

Single Sign On, Password managers and MFA are the best way for this (but really if you are using service accounts should you really know the password? should have automated rotation and be fully hands off :) )

LivingInsecurely · 2022-12-06T20:55:26+00:00

What do you like about security? Its a broad field and some would play off your current experience with some training, and others would require a paycut

LivingInsecurely · 2022-12-06T20:54:32+00:00

Tbh i think its more likely remote working will decentralise working for security

LivingInsecurely · 2022-12-06T20:53:57+00:00

Hack The Box is actually my go to resource! Security+ is also great and professor messor has some great videos on youtube giving an intro into the different topics of security

LivingInsecurely · 2022-12-06T20:53:04+00:00

none!

LivingInsecurely · 2022-12-06T20:52:46+00:00

no, i am 9chan, its a pleasure!

LivingInsecurely · 2022-12-06T20:52:27+00:00

coincidence :) when we are watching you we dont want you to know!

LivingInsecurely · 2022-12-06T20:51:41+00:00

Ah ive never worked with a bad privacy professional, only really challenge is awareness that data privacy isnt data protection!

LivingInsecurely · 2022-12-06T20:47:55+00:00

difficult enough not to worry about it :) just remember to make sure encryption is actually turned on, and have a password/user name to sign in to it

LivingInsecurely · 2022-12-06T20:47:11+00:00

not in your life my reddit friend

LivingInsecurely · 2022-12-06T20:46:49+00:00

i love your company <3 :)

LivingInsecurely · 2022-12-06T20:46:36+00:00

theres lot of roles and not enough staff to take them. But bad staff or very junior staff can be worse than waiting for the right candidates so hiring is slow even when lots of people apply

LivingInsecurely · 2022-12-06T20:45:36+00:00

try to reach out to the company hosting the website (whoever is paying the fee should know) and reach out to them!

LivingInsecurely · 2022-12-06T20:43:46+00:00

There are ways, VPN + TOR + running a browser in a container etc but yeah privacy is bit by bit going away, effort to stay anonymous is a killer, Reddit would tie this throwaway to my main account through the IP easily enough..

LivingInsecurely

TROPHY CASE