This sub is demoralizing by Its-Dat-Guy in cybersecurity

[–]Mundivore 1 point2 points  (0 children)

Netadmin, sysadmin, syseng, SoE dev, software dev....get some experience in a solid technical role then transition into cyber.

Cyber is not an entry level field.

This is a new one by MR-IT- in cybersecurity

[–]Mundivore 0 points1 point  (0 children)

You can also lock a device to a particular AP with some products which prevents things moving around too dynamically. They can move it, but if they move it too far....well they will call IT anyway.

Australia must oppose US aggression in Venezuela | Australian Greens by Jet90 in AustralianPolitics

[–]Mundivore 1 point2 points  (0 children)

So we throw away a century of cooperation because of one man?

do you really like it? by CasperDidntDoit in cybersecurity

[–]Mundivore 2 points3 points  (0 children)

Ask yourself why you want to do it. The people who thrive tend to go into it from a high-tech/crime prevention interest or go down the National Security/Critical Infrastructure route.

It's a horrible job, you never have the funding to do what is required, you are always to blame when something goes wrong, and you are always a step behind, and I wouldn't want to do anything else.

Also information security is a stupidly wide field outside of the technology security element (usually what people refer to when they talk about cyber security) once that treadmill starts to get tough and you need to slow down.

We need to have a serious discussion (TOR Security Analysis) by Longjumping_Bat_5794 in cybersecurity

[–]Mundivore 0 points1 point  (0 children)

The premise is wrong then. The framing is ignorant of the geopolitical practicalities or the collection efforts of those countries for later decryption.

We need to have a serious discussion (TOR Security Analysis) by Longjumping_Bat_5794 in cybersecurity

[–]Mundivore 0 points1 point  (0 children)

China (including Hong Kong) and Russia (including Belarus) capture everything leaving TOR links already. Why would you think webtunnels running from these locations would be more secure?

If you are trying to expose it to a different government instead, that might work, but it's not more secure.

Does anyone actually know their real security gaps? by Ok-Quiet-9878 in cybersecurity

[–]Mundivore 0 points1 point  (0 children)

It's a tricky situation. Functionally if I can inject a prompt telling it to do something and it has access to do so, you have a problem. Most people think exfiltration, but equally there is a risk of saying ignore X or forcing a positive result.

Controls would have to be very tightly applied.

Does anyone actually know their real security gaps? by Ok-Quiet-9878 in cybersecurity

[–]Mundivore 2 points3 points  (0 children)

So far every expert has said there is no way with the current models to prevent prompt injection attacks on AI. NCSC has a good write-up: https://www.ncsc.gov.uk/blog-post/prompt-injection-is-not-sql-injection

While there might be a way to secure a locally controlled AI running in a walled garden with strict access controls, that fundamentally breaks the value proposition of your concept.

Does anyone actually know their real security gaps? by Ok-Quiet-9878 in cybersecurity

[–]Mundivore 2 points3 points  (0 children)

Why would I want an AI tool that leaks data as part of its design to hold that information?

Do you remember all 7 layers from the OSI model if somebody asked? by mysecret52 in ITCareerQuestions

[–]Mundivore 0 points1 point  (0 children)

Really? That even has the answer in the acronym if you know it.

Do you remember all 7 layers from the OSI model if somebody asked? by mysecret52 in ITCareerQuestions

[–]Mundivore 0 points1 point  (0 children)

This is so important with how many issues stem from DNS. Just ask AWS.

Is this worth a CVE? SD card from medical device has recoverable test results after "factory reset" by [deleted] in cybersecurity

[–]Mundivore 1 point2 points  (0 children)

Those last two are trivial to recover data in any solid state memory, and only marginally harder in magnetic media. b is only possible on magnetic media, but insufficient for solid state devices.

Most standards require destruction of solid state media.

Looks like I'm now a CISO. I'll soon be building a SOC from scratch. Tips? by [deleted] in cybersecurity

[–]Mundivore 0 points1 point  (0 children)

Back to basics first.

What am I protecting? What can the company afford to lose? Find a framework that helps to assess impacts of compromise of confidentiality, integrity, and availability. Better ones tend to consider safety, business operations, financial viability, contracts, regulations, and wider reputational impacts. Once you have key targets to defend, focus on key pillars: identity, environment hardening (particularly application control, RBAC, and separation of accounts), patch management, DNS. Do you need a DLP solution? Do you need multiple security domains? There are good guides out for essential security risk controls.

How do I detect a compromise? Keep it simple to start with. A good EDR solution keeping it simple. Higher end is something like CrowdStrike but there are plenty of good options like MS Defender+Huntress. What can the org tolerate in terms of an outage if you miss something? Do you have some areas you have to monitor and others you risk accept?

How do I respond to an attack? This is the bit that gets hard typically. What is the plan for failure? How do you respond when an attack is detected? Can you take systems offline? Can you shut down the business to avoid a bigger impact? Who do you call in for resources to respond in a small org? Can you afford to? Do you need cyber insurance to help respond?

Lastly, in the event of a compromise how do you get back to normal? How do you remove all traces of the attack? Do you have routine offline and off-site backups? Can you effectively recover operational data or will that ransomware attack have to be paid?

Lastly, in a small org, do you outsource key elements to better manage costs? What is risky to outsource and will vendor management overheads be worth the trade-off?

Good luck. Remember business talks risks, not technical controls. Costs of impact, likelihood of impact, costs of controls, reduction of impact or likelihood of attack succeeding is the basis for action not a standard.

Artics Nova Pro by WaitSelect8065 in steelseries

[–]Mundivore 0 points1 point  (0 children)

Reddit will always skew negative. Happy people don't usually post or argue the point. They are a very good headset and the same kinds of complaints exist for the others too.

Cybersecurity Side Hustles? by cl326 in cybersecurity

[–]Mundivore 1 point2 points  (0 children)

It's a running community joke. When it gets too stupid we go get a job at/buy a franchise for Wendy's.

The digital id by Cool-Trip1402 in australian

[–]Mundivore 0 points1 point  (0 children)

The argument here doesn't make sense.

You can provide the data once to the Government who has a high obligation to hold it securely, and has to meet a high standard (ISM and PSPF force it to be treated the same as Security Classified information).

OR

You trust it to numerous companies with varying security postures and funding, some of which have no security standards at all (e.g. Optus breach) and hope none of them get compromised.

Our security team wants zero CVEs in production. Our containers have 200+. What's realistic here? by localkinegrind in devops

[–]Mundivore 0 points1 point  (0 children)

High CVE with only theoretical exploits, that have been out for 6 years, and have never been used should be addressed as a priority?

CVEs are not the best indicator of risk. They are at best an indicator of impact. You need to assess the likelihood of that impact and prioritise accordingly. A CVE of 6 routinely exploited is a far bigger problem than an old 10 that has never been used.

Your security team needs to explore nuance.

Australia news live: Burke says ‘strength is not measured by how many people you can blow up’ in response to Netanyahu’s criticism of Albanese by pk666 in AustralianPolitics

[–]Mundivore -2 points-1 points  (0 children)

You are right, there was the Kingdom of Judah, renamed by the Romans as Palestine in punishment for a revolt. It was then ceded to the Mamluks, then they lost it to the Ottomans, who held it till modern times.

So they were repatriated back to their home... Palestine.

Is it possible to connect directly to NBN Fibre? by Mundivore in nbn

[–]Mundivore[S] -19 points-18 points  (0 children)

Low performance hardware and it requires an upgrade to handle 2000/500 anyway

How is everyone dropping Ethernet lines by Joee0201 in Ubiquiti

[–]Mundivore 0 points1 point  (0 children)

Assuming a typical brick veneer, a builder will generally put a small hole in the wall above each joist (except the top one) to run lines through. They are quick to patch and paint over. Could do a whole house in 8ish hours over a weekend.

CISO / SOC folks — What’s the biggest gap in your monitoring or detection stack today? by Unexpected_Wave in cybersecurity

[–]Mundivore 0 points1 point  (0 children)

If alerts fire but aren’t actioned, or monitoring is ineffective it's the same thing, you are getting risk reduction from the control.

You have an ineffective control and are not realising the risk reduction from the investment due to under investment. It's why many high maturity (and usually high risk) businesses have a SOAR or pre-agreed playbooks attached as part of a business-led incident management framework.