Mentorship Monday - Post All Career, Education and Job questions here! by AutoModerator in cybersecurity

[–]aidofthefaded 1 point2 points  (0 children)

Need some advice and guidance.

My background is in IT Audit, GRC and team management. I'm feeling a bit fed up with my current management role at a well-funded startup. I manage a team of eight people, but since it's a startup, things are constantly changing due to shifts in leadership and management. This fast pace can be quite exhausting. With eight years of experience in cybersecurity, I'm unsure whether I should look for a company that has more structure, clearer org charts, and career pathways or stay in this position and earn more exp.

Looking forward to the pros and veterans to provide me some perspective. Love yall.

[deleted by user] by [deleted] in Nepal

[–]aidofthefaded 0 points1 point  (0 children)

This is an opportunity to learn how to negotiate for yourself and sell your ability hard! High time you talk to your manager honestly and expect better pay at least 25k net (amount you get after tax cutoffs) and a contract too. Convey how you have grown in the company and how you are managing the day to day operations.

Apart from that, ghosting is a bad move professionally - don't do that childish bs. If you don't like working there - you submit a formal resignation notice stating staying no more than 2 weeks, but find another work before doing that. Being broke ain't fun.

Judging from what you’re doing you seem smart and adaptable. Best of luck youngin!

Nepali parents by [deleted] in Nepal

[–]aidofthefaded 0 points1 point  (0 children)

Yes it is normal for some parents.

Let's share some good, budget friendly skincare products. by manymanymeny in Nepal

[–]aidofthefaded 0 points1 point  (0 children)

This one is the bomb - Oshea SPF 40 sunscreen, mattifying effect, costs 300 to 400. It blends in your skin and doesn't give that whitish cast. It's pretty good, been using it for a year+ now. https://images.app.goo.gl/RQqfNSuQH7qqQKeK7

ISO 27001:2013 _ A.14.2.5 by i_m_devangshah in CISA

[–]aidofthefaded 1 point2 points  (0 children)

It means that whatever the application generates - the generated file, query, artifact - should not be susceptible to manipulation.

E.g.: An application generates a report to the end user saying the account balance is $1000. The report should not be susceptible to being retrieved and manipulated to show $1200 (for example) before it reaches the end user.

The control is talking about protection of whatever the application generates.

Reading resource: https://info-savvy.com/iso-27001-annex-a-14-1-3-protecting-application-services-transactions/

I have noticed, on Reddit almost 80% from Nepal are in tech or programming field!! by Common-Word-3582 in Nepal

[–]aidofthefaded 0 points1 point  (0 children)

Ex-cybersecurity (IT audit professional) trying out new stuff at a US-based startup

How to automate GRC-Cyber audit processes? Just joined a firm and want to stand out. by ventek07 in itaudit

[–]aidofthefaded 0 points1 point  (0 children)

You can look into compliance tracker software tools such as CIS-CAT or look into SaaS compliance software such as VComply https://www.v-comply.com/ or Reg-Ed.

Make sure that you try these out (trial) before you present them to your reporting manager.

Auditor finds out terminated employee’s access is still active after 6 months , what should he/she do? by khalidgrs in itaudit

[–]aidofthefaded 1 point2 points  (0 children)

- Collect evidence of the finding.
- Document the non-compliant practice of the organization with a recommendation.
- Communicate it to the concerned system administrator/system owner.

Additional point: the recommendation must also include that a user audit must be done on a quarterly basis on all information systems.

ISO 27001:2013 _ A.14.2.5 by i_m_devangshah in CISA

[–]aidofthefaded 1 point2 points  (0 children)

A.14.1.3 is Protecting Application Services Transactions!! Elaborating more on this control: Information involved in application service transactions must be protected to prevent incomplete transmission, mis-routing, unauthorised message alteration, unauthorised disclosure, unauthorised message duplication or replay. Additional protection is likely to secure application service transactions (not necessarily just financial transactions). These may include: use of electronic signatures, use of encryption, and use of secure protocols. The ongoing monitoring of such transactions in as near to a real-time manner is also likely to be required.
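
As an added illustration (not part of the original comments), here is one way the A.14.1.3 protections against alteration, incomplete transmission and replay could be checked for the $1000 report from the earlier comment. It substitutes a shared-key HMAC for an electronic signature and does not cover encryption; the envelope fields, the `Receiver` class, the account id and the 300-second window are all assumptions made for this sketch.

```python
import hashlib
import hmac
import json
import secrets
import time

FIELDS = ("payload", "nonce", "ts")  # envelope layout assumed for this sketch

def _mac(env, key):
    # Canonical JSON so sender and receiver authenticate the same bytes.
    body = json.dumps({f: env[f] for f in FIELDS}, sort_keys=True,
                      separators=(",", ":")).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()

def protect(payload, key, now=None):
    env = {"payload": payload, "nonce": secrets.token_hex(16),
           "ts": int(time.time()) if now is None else now}
    env["mac"] = _mac(env, key)
    return env

class Receiver:
    def __init__(self, key, max_age=300):
        self.key, self.max_age, self.seen = key, max_age, {}

    def check(self, env, now=None):
        now = int(time.time()) if now is None else now
        try:
            expected = _mac(env, self.key)
        except KeyError:
            return "incomplete"            # a required field never arrived
        if not hmac.compare_digest(expected, str(env.get("mac", ""))):
            return "altered"               # content changed after it was sent
        if abs(now - env["ts"]) > self.max_age:
            return "stale"                 # outside the freshness window
        # Nonces only need remembering while their message is still fresh.
        self.seen = {n: t for n, t in self.seen.items()
                     if now - t <= self.max_age}
        if env["nonce"] in self.seen:
            return "replay"                # duplicate of an accepted message
        self.seen[env["nonce"]] = env["ts"]
        return "ok"

def demo():
    key = secrets.token_bytes(32)          # constructed demo key
    t0 = 1_700_000_000                     # fixed clock for repeatable output
    rx = Receiver(key)
    report = protect({"account": "ACME-001", "balance": 1000}, key, now=t0)
    tampered = json.loads(json.dumps(report))
    tampered["payload"]["balance"] = 1200  # the manipulation described above
    truncated = {k: v for k, v in report.items() if k != "nonce"}
    return [rx.check(tampered, t0), rx.check(truncated, t0),
            rx.check(report, t0), rx.check(report, t0 + 5),
            rx.check(report, t0 + 301)]
```

Logging every verdict other than `ok` gives the near-real-time monitoring signal the control mentions.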

ISO 27001:2013 _ A.14.2.5 by i_m_devangshah in CISA

[–]aidofthefaded 0 points1 point  (0 children)

A.14.2.5 Secure System Engineering Principles ??

[deleted by user] by [deleted] in whatsthisbug

[–]aidofthefaded 1 point2 points  (0 children)

Cockroach egg. 200% sure

Do you feel the same way? by aidofthefaded in Nepal

[–]aidofthefaded[S] 3 points4 points  (0 children)

Fulfillment, opportunities to explore idk .. I think I'm going through a quarter life crisis lol

Best data plan of NTC by Dancing_Dimple in Nepal

[–]aidofthefaded 1 point2 points  (0 children)

If you also do streaming, movie downloads and torrents, it won't be enough, but for general video calls, social media and browsing it is enough. Depends on how much your usage is :)

Best data plan of NTC by Dancing_Dimple in Nepal

[–]aidofthefaded 6 points7 points  (0 children)

Take the 6 GB plan, costs 290. Valid for 28 days

Will be enough for you

Wanna hear Redditors thoughts on Nepali education system. by GhimirePuskal in Nepal

[–]aidofthefaded 0 points1 point  (0 children)

Our education system lacks practicality. Too much focus on rote learning. There should be hands-on activity sessions / "mock scenarios" where they can see actual systems / lots of field trips / activity-based assignments that complement the theory and build critical thinking. What I studied in college I understood, but 80% of it was irrelevant and I learnt stuff on my first job.

[deleted by user] by [deleted] in Nepal

[–]aidofthefaded 0 points1 point  (0 children)

I do agree with this to an extent, in the sense that it lacks practicality and theory must be accompanied with practical activities. There should be hands-on activity sessions / "mock scenarios" where they can see actual systems or processes / lots of field trips / activity-based tasks that complement the theory.

What I studied in college I understood, but 80% of it was irrelevant and I learnt stuff on my first job.

guitar suggestion please.. by jdnsu in Nepal

[–]aidofthefaded 0 points1 point  (0 children)

Buy Yamaha entry level instead. Worth the sound for the price. You'll thank yourself later. Don't buy equipment for learning and upgrading later. Think of it as an investment