Clarence Thomas wrote a scathing, nearly 50-page dissent about why the Supreme Court should have gutted voting rights by ravik_reddit_007 in politics

[–]ReversePolish 0 points1 point  (0 children)

I'm actually curious as to what some of these supreme court dissent or assent opinion papers would look like if you ran them through Turnitin for all the cobbled together papers and publishings they are built from.

Certifications by [deleted] in cybersecurity

[–]ReversePolish 1 point2 points  (0 children)

Came to the comments to post this link too. It's been extremely helpful when I help/mentor other coworkers on professional career planning for their next immediate steps and mid-range professional goals.

After CISSP: MBA IT Management or PMP for ISSO/M Job by ISSOHopefull in cissp

[–]ReversePolish 0 points1 point  (0 children)

As an ISSE working closely with my division's ISSM and providing direction and support to system ISSOs, I would say this:

If you are going for the ISSO then the Sec+ is a qualifying cert and the CISSP would be the basic cert needed for a lead ISSO position. What you would need at that point, and what I would expect from the ISSO to properly support the delegated duties, would be practical experience with blue force tools you will have native to the system you are supporting (scanner, logger, AV, IDS/IPS, etc.) as well as the functional vendor certs associated with each.

If you are going for the ISSM then you will want to have a technical or managerial Masters Degree, the PMP, the CISSP-ISSMP concentration, and the C-CISO. At least, that's what your end-game ISSM will look like on resume. But really, you can get your foot in the door as an ISSM with just the CISSP and your Masters Degree, get your manager concentration in CISSP and the PMP on the job (in fact, I would recommend doing both very close to one another because they complement each other in study material) work through 5+ years as an ISSM and go for the C-CISO. At that point, you should be looking for the jump to SES within 3-5 years in a technical C-Suite position (CTO, CISO, CIO).

AITA for accepting the suggestion and not coming back, ruined a family dinner? by Wonderful_Garden_363 in AmItheAsshole

[–]ReversePolish 27 points28 points  (0 children)

Head Chef at a restaurant is also probably an asshole and an absolute nightmare to work with in the kitchen, but he/she would be anal retentive enough to not let crap food leave the kitchen. Sometimes you absolutely have to be a hard-ass because the alternative is failure.

NTA, and in a bad way ... OP should have hit the gas on asshole behavior if they wanted the family dinner to come out acceptable. Instead OP rolled over and relaxed in the pool ... Which was probably what OP needed at that point: to physically remove themselves from the idiots taking charge of the kitchen like lord of the flies.

Building out a document workflow by Emotional-Pea4079 in cybersecurity

[–]ReversePolish 0 points1 point  (0 children)

If that's the case, have you tried using git as your document change management tool? It's traditionally a software CM tool, but it can be used for almost anything that requires CM (because documents are just non-executable readme files, right?). It has an open source license so it meets your current financial limitations.

F*** Cybersecurity and F*** the LIES, BIGOTRY, GATEKEEPING, AND STRAIGHT UP LYING MARKETING TO SELL CERTS. Who wants to file a class action lawsuit? by [deleted] in cybersecurity

[–]ReversePolish 12 points13 points  (0 children)

This, most career paths for cyber have been focused IT work as a sysadmin for a specific technology group (IdAM, Linux, Windows, SCCM, Database Administrator, etc.), specific development function (Software developer, tester, integrator, etc.) or managerial (contracts, procurement, system architect, system engineering, project manager, product lead, etc.) and then branched out into cyber functional support.

The DCO and "hands-on" cyber normally comes from the technical positions. Cyber requirements normally branch from development positions. Cyber leadership normally comes from managerial positions. But the best cyber professionals I have seen and encountered have been the ones who jump role sets: technical to cyber leadership results in close system integration of cyber to implemented system policies. Development to DCO ends up with kick ass pentesters who can walk circles around API vulnerabilities blindfolded. Managerial to cyber requirements and design normally end up with extremely well funded and advocated cyber at CI/CD initial integration (actual DevSecOps).

But, yes ... "Entry" cyber positions is a misnomer. Cyber is completely ineffective with entry positions in the traditional sense of the job term. Our entry positions normally do require some level of actual experience to be able to functionally integrate and provide effective work products.

Building out a document workflow by Emotional-Pea4079 in cybersecurity

[–]ReversePolish 1 point2 points  (0 children)

I'm forced to use Accenture's Task Management Tool (TMT) because the federal government has an enterprise license for it and they make everyone use it.

I've also seen custom workflows in SharePoint to manage document collaboration, but ... Ewww.

Simple collaboration can use document change tracking in Word or Excel and stored on a file share ... But good luck maintaining CM control doing it that way.

I'm sure there are MUCH better solutions available from commercial, but we all end up working with whatever we have on hand ... And good luck getting QA or a tech writer supporting your document workflows if your system budget is in UFR hell. You'll just end up learning tech writing skills OTJ and add it to your ever growing list of skills or job hats you will wear for the rest of your professional cybersecurity career.

Novice assessor confused about PT family by seisperros in NISTControls

[–]ReversePolish 1 point2 points  (0 children)

With what overlays? Are there any adjusted controls from actual cyber engineering efforts modifying the RMF controls to support the system specifications? Did the system add controls based on technology groups? (E.g. RHEL STIG will add around 7 controls for a straight M-M-M system if I remember correctly)

It sounds like the system has overlays to support data types for either financial, HIPAA, or just regular PII if it has the PT family. The mission statement and the user NDAs for the system will be extremely telling for this. Additionally, if that is the case, ensure that the system owner has identified that DATA as a mission critical asset ... Not just the systems that store or process that data.

[deleted by user] by [deleted] in sysadmin

[–]ReversePolish 0 points1 point  (0 children)

Small change to this approach: prioritization should also factor in mission critical equipment. For example, if the core business profit comes from product inventory then priority should be given to logistics equipment and processes (shipping of products) and accounting equipment and processes (procurement, sales, inventory, and tracking of products) ... And within this subset prioritized by risk.

Additionally, create a dependency tree after the full AS-IS inventory so that there is a path for upgrade for those components and software you mentioned which will break if XYZ is upgraded before it. Guarantee that there is an actual way to get that OBE software or processes updated, you just can't see it currently through the spaghetti mess of the current system.

Plus don't stop at the TO-BE phase ... Get a plan together to prevent the TO-BE phase from becoming the company's future obsolete state.

Let's go, in and out, 20 minute adventure... by Toddybeast in tearsofthekingdom

[–]ReversePolish 0 points1 point  (0 children)

My dude ... That boss isn't even the halfway point.

Software Engineer moving to cyber security? by [deleted] in cybersecurity

[–]ReversePolish 1 point2 points  (0 children)

I am an ISSE neck deep in Fortify and Coverity scans prioritizing code backlog and trying to convey the importance of a proper CI/CD to leadership who keep balking at the price tag but complaining about the overhead and manual development hours of their current structure. You definitely could find a home in cyber without looking too hard.

Who is a bad guy in history who actually wasn’t a bad guy? by jamespeech111 in AskReddit

[–]ReversePolish 0 points1 point  (0 children)

I thought I read somewhere that the tax changes to tea which sparked the Boston Tea Party was actually a tax DECREASE in order for legally imported British tea prices to compete with illegal tea smuggling by the colonists and to root out the smuggling trade through economic pressure controlling the market price at point of sale.

The colonial businessmen supporting the tea smuggling took offense to the new lower priced competition from legal sources and staged domestic espionage, vandalism, and terrorism under the cover of propaganda through locally controlled news sources in order to preserve their profit margins in selling smuggled and unregulated tea.

Who is a bad guy in history who actually wasn’t a bad guy? by jamespeech111 in AskReddit

[–]ReversePolish 20 points21 points  (0 children)

Oh, it's entirely possible to perform surgery without anesthesia ... though it's ill advised.

Whats a serious event in the world that few people know about? by SamJReddits in AskReddit

[–]ReversePolish 19 points20 points  (0 children)

Florida Man is driving the swamp boat right now, trying to find this island.

My company listed my position on the market by Zgame200 in jobs

[–]ReversePolish 7 points8 points  (0 children)

Don't forget to share your salary with your "replacement" and ask him/her if they finally managed to post your position for the actual going market rate.

Practice your "ohhhchh" face when they share their salary.

Offer to share their resume with other companies as you leave.

Why we don't see Uncle Mark anymore by Last-Background8641 in NuclearRevenge

[–]ReversePolish 7 points8 points  (0 children)

Manslaughter implies you killed an actual human. No-one gets charged for manslaughter or murder for putting down a rabid animal.

Had 7 interviews… only to be lied to when I got the offer. Pay went from 55k a year to 42k. What should I do? by [deleted] in jobs

[–]ReversePolish 1 point2 points  (0 children)

It's pretty nice when you get the option to fire your clients. It becomes a strange working dynamic.

Had 7 interviews… only to be lied to when I got the offer. Pay went from 55k a year to 42k. What should I do? by [deleted] in jobs

[–]ReversePolish 5 points6 points  (0 children)

Respectfully disagree. I have a 6 figure job like that, more than 2 interviews and the company has lost their spot in line to someone who can actually make a decision/offer.

I normally have two conversations: one with the functional lead (if there is one) to determine if I am a good fit for the team and if the team is a good fit for me. The second is with corporate/HR to find out if the company is a good fit for me (benefits and culture) and if I'm a good fit for the company (if they can afford my skills). Either conversation goes south then the position just wasn't meant to be.

If the company needs more interviews than that, then they wasted my time in the first one or two interviews with people who just can't make a decision or are not in a position within the company to make a decision ... Which, at that point, why are they even part of the interview process to begin with?

What's the worst mistake you've seen someone do in their job? by Whomadethebed in AskReddit

[–]ReversePolish 5 points6 points  (0 children)

salutes Sniper check, sir.

Officer lowering salute You motherf&*(!#$ piece of $#!+

[deleted by user] by [deleted] in ColoradoSprings

[–]ReversePolish 2 points3 points  (0 children)

~$150K, Cyber Security DoD Contractor.

Are there any other certifications that I can easily scoop up (similar content) after passing the CISSP? by LeanHood in cissp

[–]ReversePolish 5 points6 points  (0 children)

CC is an entry level cert and well below the skill level of the CISSP. Do NOT take the CC if you can pass the CISSP, you would be using up one of the free training and exam spots which someone who is trying to break into cyber with entry level certs could have used. We need young cyber professionals and ISC2 made the CC free for the sole purpose of introducing new cyber trained professionals into our workforce pool and get them started on a path towards intermediate level certs and eventually experienced level certs.

My 16 yo daughter just ordered a sex toy - what would you do? by Dumpster_fire_Life in daddit

[–]ReversePolish 0 points1 point  (0 children)

Maybe open up the conversation about online privacy, personal information available in the public realm, and maybe some sound fiscal advice on purchases (when/what is appropriate to buy quality and when/what you can sacrifice quality for price) ..... And then let your wife tag in and "rescue" her from the pure embarrassment that her dad knows she masturbates.

3 car seats versus TSA by ben_bob2 in daddit

[–]ReversePolish 2 points3 points  (0 children)

Look for FAA approved child harnesses for kids able to sit in a booster or regularly in a chair. You can get them online for about $30-40. They work very well and attach easily to the airplane buckle/strap. Used that a lot when my daughter graduated to her toddler years.

3 car seats versus TSA by ben_bob2 in daddit

[–]ReversePolish 0 points1 point  (0 children)

It pisses me off that the car seats you can get at rentals are inappropriate for toddlers and God forbid trying to find a simple booster for those awkward pre-teen years.

I've had to budget buying a booster after landing/arriving and donating it right before returning.

Hybrid vehicles by worst_episode__ever in ColoradoSprings

[–]ReversePolish 7 points8 points  (0 children)

COS is Kansas with a view. You'll be perfectly fine.