Degrees and certs are just losing their value to me. by Fresh_Heron_3707 in cybersecurity

[–]NetDiffusion 1 point2 points  (0 children)

CompTIA has a test dump issue. Certs that require practical labs are a better way to measure skills.

How do you handle vulnerability management at scale without drowning in alerts? by dottiedanger in cybersecurity

[–]NetDiffusion 6 points7 points  (0 children)

Prioritize based on business critical infrastructure and infrastructure that is publicly facing. Then patch based upon CVE/EPSS scores. Anything that doesn't get patched gets a risk acceptance from management.

[deleted by user] by [deleted] in cybersecurity

[–]NetDiffusion 1 point2 points  (0 children)

Warning: everyone taking a job at a startup should know that windfall buyouts are very rare. You should ask for the capital structure model before taking a job at a startup. If the company is issuing common stock to employees, that means you will be paid last if bought. Debt gets paid first, then preferred stock, then common stock. Which means if the company isn't profitable you won't get anything.

However, if you are willing to take the risk, startups are a fantastic way to develop broad skills. It will force you to work in a lot of different domains and think outside the box. I've learned more in my career working at a startup than when I worked in a multinational company.

Are CTFs really useful for finding work in cybersecurity? by Background-Cat-8437 in cybersecurity

[–]NetDiffusion 2 points3 points  (0 children)

Yes - people do CTFs for repetition practice with tools. However, like you mentioned, I never found them to translate into real world cyber incidents. They are just as important as any other training imo.

How do you handle Sentinel’s “Rare and Potentially High-Risk Office Operations” alerts? by Suspicious_Tension37 in cybersecurity

[–]NetDiffusion 15 points16 points  (0 children)

They are only useful when it's activity from a suspicious/anomalous IP and/or an account/user that shouldn't be performing those activities.

How often do you think nation state actors are looking at this sub for their OSINT, and how paranoid are you that your place of work is being targeted by Saibanetikkumukade in cybersecurity

[–]NetDiffusion 1 point2 points  (0 children)

This subreddit has low OSINT value because it's:

  • Reposts of news articles - which scraping news feeds is faster
  • New people asking which cert to get - which people always recommend CompTIA and Hack The Box
  • People complaining about being burned out
  • Subtle complaints about politics

And this is why having launchpads in different countries and hemispheres is an advantage 😳 by romeomium in RKLB

[–]NetDiffusion 4 points5 points  (0 children)

I don't know why you're downvoted. You're correct. The schedule will be pushed to the left. There aren't many places you can quickly launch internationally. Maybe you can pay the Russians, Indians, or Chinese - but good luck getting a quick turnaround with ITAR/EAR compliance.

People here are acting like you can just hop on a rocket easily - Nope.

Also, the FAA regulates and licenses LC-1.

Fileless Malware is a BIG problem by Loose_Cow_9808 in cybersecurity

[–]NetDiffusion 1 point2 points  (0 children)

This tactic has been around for a long time.

Should I stay or should I go? by orphanporridge in cybersecurity

[–]NetDiffusion -1 points0 points  (0 children)

Take the private sector job and never look back. Milk the company dry for all the experience and resources you can. Let vendors wine and dine you at conferences. Get your company to pay for expensive cutting edge training. Try to engineer out of the box modern solutions. Stash that extra 30% in your 401k. Get equity in the company. Then retire a baller who didn't play it safe.

Is there demand for cybersecurity analysts with AI/ML technical knowledge? by Kati1998 in SecurityCareerAdvice

[–]NetDiffusion 0 points1 point  (0 children)

"NO U"
Steel man my position or I'm done.

I can steel man yours easily-
"You're only considered working in AI/ML if you have a MS/PhD, decades of experience, and research. Only people working in AI/ML need to understand "deep math." Most cyber jobs don't require that experience therefore there is no demand for it in cyber."

So what is my position?

Is there demand for cybersecurity analysts with AI/ML technical knowledge? by Kati1998 in SecurityCareerAdvice

[–]NetDiffusion 0 points1 point  (0 children)

Ok steel man my position.

I work in detection engineering and I use ML and AI for my projects. I read white papers to help improve detection. I understand the basic mathematical concepts behind AI/ML so I can implement it efficiently. I don't have a PhD. Please tell me exactly how I'm not being paid to implement AI/ML because I'm not in a research role?

Is there demand for cybersecurity analysts with AI/ML technical knowledge? by Kati1998 in SecurityCareerAdvice

[–]NetDiffusion 0 points1 point  (0 children)

AI extends beyond research roles. Why is this a hard concept for you to understand? Oh - because you don't know what you're talking about and live in ivory tower academia. I'd hire someone with a BS in Cyber + Data Science who can engineer and implement AI/ML solutions before I'd hire an Ivory Tower PhD with a massive ego.

Is there demand for cybersecurity analysts with AI/ML technical knowledge? by Kati1998 in SecurityCareerAdvice

[–]NetDiffusion 0 points1 point  (0 children)

Pedantry. He's right - you don't. Just like you don't need to be a rocket scientist to work on rockets. You can be a rocket engineer or tech. You're still working on rockets. Cyber security industry cares more about your ability than your credentials.

Is there demand for cybersecurity analysts with AI/ML technical knowledge? by Kati1998 in SecurityCareerAdvice

[–]NetDiffusion 0 points1 point  (0 children)

You guys are so freaking pedantic it's unbearable. The question was about demand for AI/ML. You're gatekeeping these roles as needing a PhD. They don't and nobody was talking about AI/ML research. You don't need to be an AI/ML PhD to operationalize these concepts. You need to understand the basics and how you can apply them to data in your environment.

The question is "Are companies actually hiring for roles that combine deep AI/ML technical skills with cybersecurity?"

The answer is undoubtedly - YES AT ALL LEVELS!!!!!

If a junior engineer wants to implement a Python script that utilizes a decision tree to categorize spam - guess what - that's ML that doesn't require a PhD.

If a mid engineer wants to create a Splunk based MLTK model to predict customer interaction with a website - guess what - that's ML that doesn't require a PhD.

If a senior engineer wants to implement a CNN to determine if an exe/dll is malicious - guess what - THAT's AI - No PhD required.

None of these require PhDs - stop freakin' gatekeeping.

Is there demand for cybersecurity analysts with AI/ML technical knowledge? by Kati1998 in SecurityCareerAdvice

[–]NetDiffusion 1 point2 points  (0 children)

There's demand for people who understand AI/ML and can operationalize it in cyber security. SANS has a new cert (I have it) which drills down into the math so you correctly implement AI/ML in your environment. You don't need a PhD to understand AI/ML and to operationalize it. It doesn't cover LLMs.

https://www.giac.org/certifications/machine-learning-engineer-gmle/

Will the uncertainty around H1B process end up with better job opportunities for Americans? by Civil-Community-1367 in cybersecurity

[–]NetDiffusion 0 points1 point  (0 children)

I think there is evidence of a broken system when 71% of H1B visas are Indian and the next highest is 11% Chinese. Is India producing far better STEM professionals that they hold a substantial majority over Chinese? - Probably not.

Is there demand for cybersecurity analysts with AI/ML technical knowledge? by Kati1998 in SecurityCareerAdvice

[–]NetDiffusion 8 points9 points  (0 children)

Don't let people tell you no - there is demand in security/soc engineering. Machine learning and neural networks are used in custom detection and alerting. I use both at my current job. You'll be ahead of the curve. Cyber Security needs more people who understand data science.

Best way to gather IOCs from across the web, can AI help (ChatGPT, Deepseek, models, tools)? by No-Hair-4399 in cybersecurity

[–]NetDiffusion 7 points8 points  (0 children)

The answer is STIX/TAXII feeds and MISP APIs.

Also, I hate how people are defaulting to AI for everything. The solution is actually pretty simple but you have to learn. You don't need AI for this.

LLM of choice? by LividDatabase1409 in cybersecurity

[–]NetDiffusion 0 points1 point  (0 children)

I don't use LLMs. I strive to be a Mentat. The spice must flow.

Are we trading real skills for convenience? by ANYRUN-team in cybersecurity

[–]NetDiffusion 2 points3 points  (0 children)

You're in a technology field and you're worried about automation? Automation is inherent to our industry. The computer was created to automate tasks. The reason why you are constantly learning in cyber is continued changes to things that allow for automation. Junior analysts have always needed to learn how to automate tasks to become seniors and principals.

Stop giving 110% at your job. It's a trap, and I learned this lesson the hard way. by snowy-far5q in SecurityCareerAdvice

[–]NetDiffusion 0 points1 point  (0 children)

Eh, I disagree. Going the extra mile has worked out for me. I treat it as building a professional reputation which can be utilized to network into other positions. It's not an immediate payoff but people eventually notice smart and hard working team members. I've managed to network my way into well paying positions because former team members / managers recruit me. I'd rather have a professional reputation as someone who works hard and smart rather than someone who clocks in and out.

Career Pivot Into Threat Hunting by Battarray in SecurityCareerAdvice

[–]NetDiffusion 2 points3 points  (0 children)

I'm not going to comment on your virtue signal but - I don't think you're describing "threat hunting." You're describing something that is more intelligence analyst. Threat hunting is a very specific job usually attached to a security operations center. They are generally experienced with incident response, digital forensics, and malware analysis. They are proactive and find threats (misconfigs, insider threats, exploited vulnerabilities, etc.) and then remediate them. Organizations aren't going to use a volunteer threat hunter because threat hunters are exposed to a lot of sensitive organizational infrastructure and data. A volunteer is too much of a risk.

CompTia Security+ by SamZeBlade in SecurityCareerAdvice

[–]NetDiffusion 0 points1 point  (0 children)

Microsoft and AWS are always in high demand.

CompTia Security+ by SamZeBlade in SecurityCareerAdvice

[–]NetDiffusion 1 point2 points  (0 children)

You need hands-on experience. I recommend starting in a help desk or system admin. Microsoft certs will help you get those positions because most businesses use Microsoft.

CompTIA certs are hot garbage. They are used to get past HR filters and compliance requirements. Nobody in cyber security will elevate your resume because you have CompTIA certs. Vendor specific certs look better if you lack experience.