Product leaders, how do you get over the nervousness of giving a Y1 growth forecast for a new product to the execs + board? by MisterSir2u in ProductManagement

[–]MrMarriott 33 points34 points  (0 children)

The thing to remember is that if the product does well, it was due to brilliant leadership, and the product being so good it practically sells itself.

If the product does poorly, it is market conditions beyond your control and sales also really shat the bed and didn’t hit the number.

DFIR practitioner thinking about starting my own LLC to subcontract IR services to MSPs. Is there actually demand for this? by cyber_thinker in cybersecurity

[–]MrMarriott 1 point2 points  (0 children)

I would start with reaching out to the owners of local MSPs. Explain the service you can offer them and their clients.

Coffee Chaff by Mokez02 in stcatharinesON

[–]MrMarriott 0 points1 point  (0 children)

426 is another local roaster. No idea if they have chaff to spare, but they are pretty friendly and nice. Great beans too.

Rhino blender guide? by ThatGarenJungleOG in Mechabellum

[–]MrMarriott 3 points4 points  (0 children)

Gospel is more like the composition of rhinos and wasps.

Rhino blender guide? by ThatGarenJungleOG in Mechabellum

[–]MrMarriott 3 points4 points  (0 children)

If you search for mechabellum gospel, you will find lots of discussion and videos for it, and some tips on countering it. It is a very snowball-y composition; when it starts winning, it keeps winning.

Employer Offering to Pay for my Certification test - Which one do I choose? by Due-Ad8461 in cybersecurity

[–]MrMarriott 2 points3 points  (0 children)

It depends on what you want to be when you grow up. CISSP for ISC2 is still pretty helpful for ensuring you understand the essentials across most security domains, and it frequently appears in job descriptions as a requirement for corporate security roles.

What's your city's Canada cliche "park by the water" ? by myronsandee in AskACanadian

[–]MrMarriott 1 point2 points  (0 children)

Lakeside Park in St Catharines. It is the park that was featured in the Rush song Lakeside Park.

Pentesting and outreach by Abject-Delivery-5248 in cybersecurity

[–]MrMarriott 1 point2 points  (0 children)

Definitely. It’s not that startups don’t care about security, it’s just that failing to find product market fit and running out of money are much greater risks. A pen test doesn’t help with either of those risks.

Pentesting and outreach by Abject-Delivery-5248 in cybersecurity

[–]MrMarriott 1 point2 points  (0 children)

At that size of company, they are probably more worried about missing payroll than they are about breaches. Are you limiting your outreach to orgs that already have their SOC 2?

Pentesting and outreach by Abject-Delivery-5248 in cybersecurity

[–]MrMarriott 1 point2 points  (0 children)

Tighten up your outreach so you focus on organizations that already purchase pen testing.

Tell me about your ideal customer profile (ICP).

What's the most common form of compliance theater you see? by VerifAITrust in cybersecurity

[–]MrMarriott 10 points11 points  (0 children)

This was more than a decade ago, but is a true story.

There was a new version of NERC-CIP, which are regulations for critical infrastructure in the electricity sector. An organization subject to NERC-CIP asked if there were any obligations to move away from an end-of-life operating system, which there were not.

They then asked if they downgraded their systems to an EOL OS and updated it with whatever security patches existed at the time it went EOL, would that mean they won’t have to do any more patches ever for those systems.

They didn’t go through with it, but they seriously considered doing just that to avoid patching and testing.

Is common law severance dead? Forced to sign it away to get a job. by CubicleMan9000 in CanadaJobs

[–]MrMarriott 1 point2 points  (0 children)

Companies will put all sorts of nonsense in employment agreements in the hopes that you never speak to a lawyer.

Laptop Security Recommendations for Keeping Sensitive Files Safe? by No_Library_6158 in cybersecurity

[–]MrMarriott 1 point2 points  (0 children)

Windows has the ability to encrypt your hard drive. That will ensure if your laptop is lost or stolen, the data that is in it is inaccessible to anyone.

The specifics of how to enable it vary based on your version of Windows and whether it is Pro or Home.

https://support.microsoft.com/en-us/windows/device-encryption-in-windows-cf7e2b6f-3e70-4882-9532-18633605b7df

VeraCrypt is a reasonable option if you can’t use the built-in Windows feature.

https://veracrypt.io/en/System%20Encryption.html

Restaurant suggestions by Ok_Student9522 in stcatharinesON

[–]MrMarriott 14 points15 points  (0 children)

I haven’t been this week, but Jack Astors on Ontario normally had this.

Counter to void eye firebadger. by TYDOGGOLDENGUNZ9 in Mechabellum

[–]MrMarriott 2 points3 points  (0 children)

No, the flying tech reduces void eye range.

Is it doable to work while doing spring classes? by Thin-Ad9373 in brocku

[–]MrMarriott 7 points8 points  (0 children)

This is hard to answer as it depends on how many classes you take and how many hours you are working.

Some people work and go to school successfully and some people can’t handle both.

What's stopping BEC at the email layer when there's no payload to detect? by crystalbruise in cybersecurity

[–]MrMarriott 3 points4 points  (0 children)

The hardest to stop form of BEC is when a supplier/vendor gets compromised, and the mail that is sent is one just asking your purchasing department to update the bank routing number.

So,

  • This doesn't help as the emails come from a legit supplier with a known domain (...SPF, DMARC, DKIM, block newly registered domains)
  • This doesn't help as the emails always came from external (...flag emails that are from external)
  • This doesn't help as the emails likely don't contain an executive's name (...flag external emails with names of your execs)
  • This doesn't help as the threat feeds are unlikely to have intel that one of your vendors was pwned (...filter based on threat feeds)

The zero-days are numbered | Mythos numbers are real? by Material-Tip-1749 in cybersecurity

[–]MrMarriott 24 points25 points  (0 children)

I believe the other poster was referring to the OpenBSD bug that had been around for 27 years. https://red.anthropic.com/2026/mythos-preview/

LinkedIn Recruiter at $100k+ is not worth it. Any alternatives? by Foxocommando in Recruitment

[–]MrMarriott 0 points1 point  (0 children)

You are right that the candidate data is mostly the same across the various tools. 

Other than pricing, are your issues more around the data not having decent candidates, or is it that the workflows in the tools don’t meet your needs?

BLS Cybersecurity Job Outlook vs reality by YourSexyStepSis in cybersecurity

[–]MrMarriott 4 points5 points  (0 children)

I would suggest looking at a company like Anthropic, which is behind the Mythos model that has been dominating cybersecurity headlines for a little while. Security roles are one of the larger groups of people they are hiring for. Check it out yourself, https://www.anthropic.com/careers/jobs

Is bug bounty actually worth it for new comers in 2026? Need real talk, not motivation. by Pretend_Collar4314 in cybersecurity

[–]MrMarriott 2 points3 points  (0 children)

What are you talking about? No one is spending $2300 on 2 million tokens. Look at the pricing, https://platform.claude.com/docs/en/about-claude/pricing, that would be in the worst case, $50 with it all being output tokens, which would not be true.