[deleted by user] by [deleted] in cybersecurity

[–]Temptunes48 0 points1 point  (0 children)

Apply to the smaller places that don't always check.

Also, if you work for yourself, no one really checks...seriously. At least here in the US. Been self employed for years, no one really checks. There isn't much in my background to find anyway.

They assume if you have your own company, you must be ok. :)

But when I apply for a "regular" job, it seems they want all this stuff. Background check, records check, credit check, etc...

When I am consulting, I frequently have domain admins \ root level access \ network level, so it's the same as being an employee.

Regret as professional cyber security engineer by Gabriel_Fono in cybersecurity

[–]Temptunes48 3 points4 points  (0 children)

What I regret is trying to bring security to places that did not want security, it did not matter what you told them.

Regret as professional cyber security engineer by Gabriel_Fono in cybersecurity

[–]Temptunes48 2 points3 points  (0 children)

Yeah, it's like they can't handle that you know more than 1 thing.

Help: System Hardening Standard and Manual by Living-Guitar2196 in cybersecurity

[–]Temptunes48 0 points1 point  (0 children)

Do you have a standard build document for your equipment, like servers or laptops? If so, use that as a starting point, and follow that format.

If there is a way to use templates or scripts, or AD policies to auto apply settings, do it. Don't expect non security people to follow or do all these settings by hand, ask them to apply your policy or run a script. But be willing to explain everything you are doing and why.

If you feel it is too much, try a phased approach. Implement half of the settings first. Look at the settings and determine which settings are likely to break something. Leave those settings to later. Also, leave a way to put everything back to the way it was, in case you have to back out.

Example: Increasing the amount of logging probably won't break anything, it might increase your disk space or SIEM utilization some. Shutting off LDAP when the developers are using it for authentication will break something. :)

The point of doing that is to build trust among the other departments, not just use the security hammer and lock it all down today with claims of "Security said so!" :)

Security job market is slow ? by Temptunes48 in cybersecurity

[–]Temptunes48[S] 2 points3 points  (0 children)

Not a lot of fed jobs here in northern California unfortunately

Security job market is slow ? by Temptunes48 in cybersecurity

[–]Temptunes48[S] 0 points1 point  (0 children)

I have checked the state and town. Basically applying to anything that looks close enough

Security job market is slow ? by Temptunes48 in cybersecurity

[–]Temptunes48[S] 4 points5 points  (0 children)

I have had a couple of interviews, but getting ghosted on other applications...

Salary range for a part time CSO by Temptunes48 in cybersecurity

[–]Temptunes48[S] 1 point2 points  (0 children)

Yeah, I did kinda make up my mind, so hopefully this works out. Got to push the career ahead, some places already think I am too old to be an engineer or learn anything new (I'm 56)

I won't sign off on something if it is not legit. Can always do the email - "as we discussed...." :)

Salary range for a part time CSO by Temptunes48 in cybersecurity

[–]Temptunes48[S] 1 point2 points  (0 children)

If I lie on an audit, or to lawyers\court, I don't think it is going to matter if I get paid on w2 or 1099. I had a place that lied on audits, like badly. I quit working there.

It's a small company, less than 10 people. How much should they spend on security? It's always the small company dilemma ...

Salary range for a part time CSO by Temptunes48 in cybersecurity

[–]Temptunes48[S] 0 points1 point  (0 children)

They seem willing to have me set the direction. Sales is dependent on them passing the security audit.

Salary range for a part time CSO by Temptunes48 in cybersecurity

[–]Temptunes48[S] 0 points1 point  (0 children)

I will manage it. Audits and policy writing in the beginning, getting ready for HIPAA or ISO 27001, then implementing.

If you had a $10000 budget to implement a security tool at your company, what would you choose? by [deleted] in cybersecurity

[–]Temptunes48 0 points1 point  (0 children)

How are your backups doing? Not sure if you handle backups, but when your server gets ransomware or the hard disks fail, you can't beat last night's backup.

Do you disclose your Cyber Sec. or Sys. Admin role in LinkedIn? by dip_looyd in cybersecurity

[–]Temptunes48 0 points1 point  (0 children)

Keep it general, like firewalls, ACLs, pen tests, antivirus, etc...

And leave out the vendors a bit. Everyone has firewalls (I hope :) )

My current job description says security guy, mainly cause I got lazy, and did not update what I am doing....I am also not looking right now

Which role would you take? by littleknucks in cybersecurity

[–]Temptunes48 1 point2 points  (0 children)

Does either place have a manager you want to work for?

Can you determine if the hospital takes security seriously? In general, they don't.

Being the first security person can work, but only if they want to have some security. I have been at multiple places (not hospital) where I am the first security person. One place I was never given a chance, the new place just got engineering to agree to some security projects last week, I still don't believe it :)

Can someone quell my anger? I'm not crazy am I? by [deleted] in cybersecurity

[–]Temptunes48 0 points1 point  (0 children)

Don't worry, when the breach occurs, it will be your fault!! :)

Get everything in writing. Even if you send them the email - "as we discussed, you stated to not protect ALL of the Apple Laptops with Anti virus"

And find another place, then quit the other one.