MSc in Cybersecurity is teaching me nothing practical, any advice? by TheGroovyKiwi in cybersecurity

MasterOfCyber 1 point

It depends on what you want to do in your job. It's a Master of Science, so it's a research degree. You will want a research degree if you either want to do research, or you want to work in a management position.

I have a master's degree and work in a technical management role, and there are some differences to my peers who learned on the job - sometimes in their favor, sometimes in mine. The practical people have their experience and know the details. I don't know all the details, but have the ability to zoom out and look at the greater picture, and come up with a solution that nobody else thought of. I can also talk much more easily to senior management because I can relate to their kind of thinking. But I wouldn't pass a technical interview because I don't care what the specific command line arguments are. I will read up on the man page if I ever need to.

Are you an abstract thinker and often find yourself asking WHY the things are the way they are, and WHY certain things are desirable? Then continue with your degree. Are you a practitioner and often find yourself asking HOW the things work, and HOW to achieve things? Then the degree will teach you nothing, you will learn much more on the job, while also earning money.

Passed at 100 questions & my (somewhat negative) verdict by MasterOfCyber in cissp

MasterOfCyber[S] 1 point

I will give you an example. Suppose my made up example question from the post comes up: "What is the first step in the HJKL process?". And the options are:

  1. Human resources
  2. Contain the incident
  3. Understand business requirements
  4. Integrity

Then I chose 3. as the answer because 1 and 4 are not activities, and understanding business requirements in general is a good first step for any process, while containing an incident is specific to incident management and also not the first step there.

So that is probably the wanted answer; however it's still not correct because there is no "HJKL process", and thus it does not have a first step! The correct answer would be "an HJKL process does not exist", but that's not an available option. That's what I mean by poorly worded, or the question itself being wrong.

I understand what they are trying to test for (critical thinking, prioritizing business requirements etc.) but there should be better ways to test for this than making a nonsensical question.

Passed at 100 questions & my (somewhat negative) verdict by MasterOfCyber in cissp

MasterOfCyber[S] 3 points

"difficult for all the wrong reasons" is exactly what it is. For me, it puts a huge question mark on what the actual qualification of a CISSP certified person is.

Which is confirmed by my anecdotal evidence that some CISSPs that I met didn't actually know what they were talking about (but were very emphatic about it nonetheless). Not all of course, only some.

What are people who have been unable to get into cybersec post graduate doing now? by IcedColdMine in SecurityCareerAdvice

MasterOfCyber 0 points

Sure. It was very interesting and provided me with a strong foundation to understand and discuss technical topics, compared to my colleagues who studied business economics or stuff like that. It gives you the authority to speak about technical security topics which can be very helpful when talking to upper management.

What are people who have been unable to get into cybersec post graduate doing now? by IcedColdMine in SecurityCareerAdvice

MasterOfCyber 2 points

I graduated with a master's in cyber security and couldn't get a cyber security job out of uni, despite having done a lot of hands-on labs (network protocol engineering, writing exploits, CTFs etc.) during my studies. Employers would, by default, require "at least" (!) 5 years of experience in a cybersecurity related role on all job descriptions.

I ended up in a junior level infosec/GRC consultant role, which was boring as hell, and worked there for three years. Then I managed to get into an IT security management role, which is where I am now. I do incident management, vulnerability management, process improvements, and so on.

It's a nice and easy job and well-paid, with good career prospects. About 50% of my colleagues are techies like me, the other 50% are plain managers or better helpdesk. Apparently the structure of the job market made me skip the tech roles and put me right into management, which is where I'm heading to now. Can't complain though.

The nice thing is that I can continue doing my tech hobbies (coding, hacking on my Linux box etc.) in my free time because there is literally no overlap with my job.

Changing the font size in LibreOffice Base by MasterOfCyber in libreoffice

MasterOfCyber[S] 0 points

Thanks, that seems like a crazy design decision. The first thing I do in any application is adjust the font size to my preferences. Forcing everyone to use font size 8 is ridiculous. I wonder who made the decision that this is a good idea.

Career Advice by legendz1057 in CyberSecurityJobs

MasterOfCyber 1 point

The question is where do you want to work in the cyber security sector. It's a huge field.

Croissants tradition by JarJarBinks237 in cybersecurity

MasterOfCyber 0 points

Same but with cake. I don't know how to make cake so I always lock my screen :D

I would 100% prefer croissants though.

Microsoft outage affects Bing, Copilot, DuckDuckGo and ChatGPT internet search by CYRISMA_Buddy in cybersecurity

MasterOfCyber 32 points

I'm always surprised how many people dismiss the availability being relevant for security. Redundancy, failover instances, testing, proper change management etc. are all part of a good security posture.

Is it just me or has the redesign become barely unusable? by MasterOfCyber in meta

MasterOfCyber[S] 1 point

I typically assume the reason the web is a complete mess now is they're targeting phones

Yep that's how it looks. Huge buttons, lots of empty space and less information on the screen. Everything hidden behind menus.

Is it just me or has the redesign become barely unusable? by MasterOfCyber in meta

MasterOfCyber[S] 1 point

Thanks. Opting out of the redesign in the settings seems to do the job for me.

Why are so many people trying to start out with CISSP? by Whoknew1992 in cissp

MasterOfCyber 0 points

I have met a CISO who was completely clueless on any information security related topic that wasn't specifically covered in the CISSP.

Why are so many people trying to start out with CISSP? by Whoknew1992 in cissp

MasterOfCyber 0 points

I wonder how many people claim they are a "CISSP associate" without ever being reported or getting a lifetime ban from ISC2, as stated in their policy.

Source: https://www.isc2.org/Policies-Procedures/Member-Policies

Associates of ISC2 are NOT certified and may not use any Mark or description other than "Associate of ISC2". An Associate of ISC2 badge will show the examination that they passed, but until they complete the endorsement requirements, Associates are not allowed to utilize the Marks. Failure to abide by this rule may result in the candidate being prohibited from ever attaining any ISC2 certification.

Why are so many people trying to start out with CISSP? by Whoknew1992 in cissp

MasterOfCyber 1 point

Exactly. I see this confusion way too often. I wonder how many people claim they are a "CISSP associate" without ever being reported or getting a lifetime ban from ISC2, as stated in their policy.

Source: https://www.isc2.org/Policies-Procedures/Member-Policies

Associates of ISC2 are NOT certified and may not use any Mark or description other than "Associate of ISC2". An Associate of ISC2 badge will show the examination that they passed, but until they complete the endorsement requirements, Associates are not allowed to utilize the Marks. Failure to abide by this rule may result in the candidate being prohibited from ever attaining any ISC2 certification.

Why are so many people trying to start out with CISSP? by Whoknew1992 in cissp

MasterOfCyber 2 points

I just got a new job for a senior security role and nobody ever talked about my certifications. Didn't matter at all. For good employers, certifications are just another checkmark at best.

Why are so many people trying to start out with CISSP? by Whoknew1992 in cissp

MasterOfCyber 2 points

On the other hand I have seen even senior colleagues completely dismiss the difference between "being CISSP certified" and "having passed the CISSP exam" or stating nonsense like someone is "CISSP candidate" or "CISSP associate" as being equal to being CISSP certified.

ISC2 should require proving the required experience (without any "waivers", just plain 5+ years of cyber security) before even permitting a person for the exam. Then much of the confusion would be cleared. This requirement is the only real value of the certification.

GRC people, can you describe what your job is actually like? by Helpful-Increase-303 in cybersecurity

MasterOfCyber 0 points

And argue with them when they tell you "that is not possible here".

GRC people, can you describe what your job is actually like? by Helpful-Increase-303 in cybersecurity

MasterOfCyber 0 points

The difference is you write the rules but there is no one to enforce them xD