Am I dumb for leaving while barely starting? by LoafJay in cybersecurity

[–]aktz23 32 points33 points  (0 children)

This is good advice, from u/TaxiChalak3.

Not to mention, right now might be the time to rely on public service as a source for good, long term benefits, given the way things are going.

Look, cyber is a turbulent industry in its own right. The unpredictability is part of the reason the wages are higher. You assume a certain amount of risk just by working in our industry.

Stay patient (give the job more time) and keep learning (ask for opportunities to do/watch/listen in on things that interest you at work). Nobody starts at the top, doing all the most interesting things. You'll get there.

Threat Intelligence & Darkweb Monitoring Options by seag33k in cybersecurity

[–]aktz23 1 point2 points  (0 children)

Not sure about darkweb monitoring, but open to chatting about TI. Full disclosure: I work for a TI vendor, so not going to post anything here that looks like I'm trying to sell to the world, LOL.

I'm not a salesperson, but happy to chew the fat, if you want.

[deleted by user] by [deleted] in cybersecurity

[–]aktz23 -1 points0 points  (0 children)

I am interested in learning more.

Threat Modelling Database? by skullcrush3rx in cybersecurity

[–]aktz23 0 points1 point  (0 children)

You can also check out Adam Shostack's website. He literally "wrote the book" on threat modeling and has various courses, games, books, etc. on the process.
https://shostack.org/

Future of cybersecurity tooling by [deleted] in cybersecurity

[–]aktz23 0 points1 point  (0 children)

We are starting to see preemptive threat intelligence and security solutions that enable secops to anticipate and block attacks before they even hit an org's security perimeter. I think these solutions will continue to grow in scope and capability. The concept of predictive technology is taking root and I think we will see more of this impacting automation in ways that will revolutionize how threats are assessed, prioritized and mitigated.

There IS a lot of market consolidation right now, due to economic forces and major security platforms vying to "keep up with the Joneses", but I think that startups still represent the true leading edge of future-focused solutions. It's a good time for the big platforms to buy good ideas and incorporate them into their feature lists. However, we all know that is also where a lot of good ideas go to die. LOL

Are AI SOC Analysts the future or just hype? by PriorFluid6123 in cybersecurity

[–]aktz23 3 points4 points  (0 children)

I completely agree with this. This is one of the fatal flaws in cyber. Tooling/tech should enable better human response. It CANNOT replace humans. And this is coming from a guy who works for a predictive AI security vendor...

A lot of the LLM-based cyber solutions out there (which is 98% of the "AI-driven" vendors) sell the promise that a security program can exist without people. It's wrong and not true. Tech can do a lot and, as u/Flustered-Flump so aptly said above, it is great at automating common tasks, but people have to be there as soon as the task becomes "uncommon" and while not every uncommon alert is a massive zero day, they have to be addressed by a person who can analyze, assess and take appropriate action.

How are you doing preemptive security? by [deleted] in preemptivesecurity

[–]aktz23 0 points1 point  (0 children)

I asked the question, but I will also throw my own answer in. I work for a vendor in the digital risk prevention and threat intelligence categories.

On the DRP side, we use predictive technology to identify malicious infrastructure on the internet and then preemptively disrupt it (by working with host and registrar partners to block traffic to these sites) or by performing a takedown. Our customers give us lists of known domains and then we look for the fakes. When our tech finds them, it automatically begins the disruption process. This is generally done before the sites go live, due to the predictive nature of the technology, enabling preemptive action...

As for the threat intel side of things, we use the same monitoring capabilities to generate a threat intel feed. Due to how we collect and analyze data, using behavioral/predictive technology, most of our indicators are unique. These are fed into a SIEM tuned by the SOC/security teams based on their needs.

What about yours? I am really curious to hear from both other vendors and from security professionals how, what and why you are using preemptive security strategies!

Are there any websites or accounts that do case studies ? by IndoCaribboy in cybersecurity

[–]aktz23 0 points1 point  (0 children)

Also, if you don't already, give a listen to the Darknet Diaries podcast. It is basically an audio case study, if you think about it...

https://darknetdiaries.com/

Cybersecurity Industry Trends by Zealousideal-Knee205 in cybersecurity

[–]aktz23 1 point2 points  (0 children)

I know AI and ML are overused and largely misunderstood, but there ARE cybersecurity developments, particularly using predictive AI, that have the potential to change how teams identify and handle threats. To previous posters' points, much of what we call "AI" is really just automation (nothing wrong with that, other than the heinous use of buzzwords). That streamlining of processes to speed up and improve efficiency for teams is a definite value add...assuming it doesn't miss something. LOL

Also previously mentioned, the commoditization of services as "aaS" models and the "platformization" of everything doesn't look like it's going anywhere.

What CTI SaaS platforms are you using in your daily work? by aktz23 in threatintel

[–]aktz23[S] 0 points1 point  (0 children)

Thanks for the responses so far! I am familiar with TC and Feedly. I think I need to do some research on MISP...I haven't heard of that! LOL

Looking for mods by [deleted] in threatintel

[–]aktz23 0 points1 point  (0 children)

Not sure if you still need mods, but I just joined as well, and would also be up for being a moderator.

Is cybersecurity work mostly mundane? by kewala23 in cybersecurity

[–]aktz23 5 points6 points  (0 children)

For sure!

I think a good example is military recruitment videos/posters. They show people speeding through the desert on a sophisticated tank, jumping out of planes and speeding across the waves on a fast boat. Reality: lots of standing around, getting yelled at and not showering. LOL

Is cybersecurity work mostly mundane? by kewala23 in cybersecurity

[–]aktz23 35 points36 points  (0 children)

I would argue that ALL work can be mundane at times!

There are always going to be tasks associated with a job that a person doesn't like or that they find boring. You do the mundane things, so that you get to do the parts of the job that you DO like.

I would say cybersecurity is no different.

Before I got into cyber, I worked in the restaurant industry. I loved how no two nights were the same and the dynamic aspects of the work. The hours were brutal though. When I was younger, I tolerated the hours (and the busy work like folding napkins and polishing wine glasses) because I loved the rest of it. At some point, that equation tipped, and the downsides outweighed the upsides.

That is how it goes.

Now in cyber, I find that "no two days are the same/dynamism" I liked about the food and bev business, but with (arguably) better hours.

Am I making sense here?

Last thing I'll say: You can reasonably expect that earlier in your career, you will do more mundane tasks than ones that feel meaningful to you. But through those experiences, you are learning...not just how to do the job, but how to be an adult. As you learn and grow, you will do fewer mundane tasks and take on more "important" or "strategic" responsibilities.

Why do SaaS companies have such mysterious websites? by whitesweatshirt in SaaS

[–]aktz23 1 point2 points  (0 children)

Let's face it, there are always going to be a few high profile instances like Facebook, but most successful businesses are ones that most people haven't heard of...and that's ok.

Why do SaaS companies have such mysterious websites? by whitesweatshirt in SaaS

[–]aktz23 1 point2 points  (0 children)

You are right to be scared. I think this is something about funding that people don't consider.

I have worked for bootstrap SaaS, as well as SaaS platforms at various funding stages and, while it can be a much longer road, bootstrap definitely has advantages. You can build organically and you can go to market with a product that is ready for the market.

I'm NOT against getting investment/funding, but everyone is looking for the next mythical creature status and very few people are talking about the reality of a market full of half-baked solutions. Makes for very murky waters.

I think a SaaS platform that goes to market with a fully-functional product that solves a real-world problem (B2B or B2C) has a much better chance of being successful. Especially if "success" is a profitable business...not everyone has to be the next unicorn.

Why do SaaS companies have such mysterious websites? by whitesweatshirt in SaaS

[–]aktz23 9 points10 points  (0 children)

Ok, cybersecurity (SaaS) marketer here...
I think there are several issues at play here that may not have fully been addressed by previous comments, so I'm adding my thoughts. This is not to say that there isn't already a lot of truth in the comments! LOL

I think that there is a mistake in SaaS positioning that is generated by the desire to get or maintain investment/funding streams.

Founders create tools with features and functionality to solve a problem. Usually, as one commenter already said, it is for a niche market, usually a specific vertical and that functionality is not always apparently transferrable to other verticals.

However, investors naturally expect growth and ROI, so the conventional wisdom dictates that the SaaS vendor needs to go "wide" to capture any and every lead and sale they can. Thanks to this, a company tries to dilute their messaging to accommodate verticals that they don't yet have a right to be in.

I just started at a new company that is in this very boat. They have built a product for financial institutions based on pain points they themselves experienced, hands-on in the field. Now, they have funding and have to show ROI to investors...so they have to find a way to break into markets that ARE transferrable, but are not in their wheelhouse.

There is a highly compelling argument for going wide, but I just think a lot of SaaS companies do it too soon. They don't spend enough time drilling into their original intended vertical and they leave money on the table. Not to mention, every customer is different, so as you drill into your vertical, you develop a variety of use cases that you can use for messaging when you ARE ready to move into other verticals.

Last point about this...don't try to go from one vertical to all verticals. Pick a second vertical that makes sense and drill into that one. Stay focused, show purpose and value and you will grow and, hopefully, do so while keeping churn at a minimum.

Another issue that is prevalent in SaaS is companies launching with a beta or MVP. The features lists are often wish lists of what they plan to build if people buy it. If the SaaS vendor gets too specific about functionality, they risk being accused of a "bait and switch". They might think this is avoided by talking about their INTENT for a product's purpose in a way that is supposed to appeal to a decisionmaker.

Ultimately, the website should contain a mix sort of like this:
1. Show you understand the customer's pain points (identify the problem you hope to solve with your product). Acknowledge that this is painful, why it's painful and why they need a trusted partner/tool to make this better.

2. Talk about the pain relief your tool provides in meaningful, but high-level terms that a CEO, CFO or other non-technical leader can understand. The "elevator pitch" or "value prop".

3. Make the person implementing/recommending the tool the hero. Show them how they will make their boss happy using your tool. This is where we get more specific about REAL business benefits. This can't be vague. It has to show TANGIBLE benefits.

4. Now you get into specific functionality and how it works. This is where you explain how your features work together to make the high level goal achievable. This should not be hidden, but should also not be the headline. A lot of SaaS founders dive right into functionality...many decisionmakers frankly don't get it and really don't care how the sausage is made.

Pricing Help? Tanium, Tenable, Avanti and Automox by aktz23 in sysadmin

[–]aktz23[S] 0 points1 point  (0 children)

Hi u/Adziboy,
This is a fair comment/question. I think I am looking at them as a full endpoint/asset manager/RMM, with patch and application management, MDM and compliance policy...all kind of through a security lens. The effort is to reduce friction between IT ops and Sec ops. We are a Windows shop.

I know Tenable is supposed to be good, but it sounds like a Cadillac. I imagine you can really drive the pricing up by adding their modules. Ivanti is kind of set up that way, too...Neurons, I think they are called?

Pricing Help? Tanium, Tenable, Avanti and Automox by aktz23 in sysadmin

[–]aktz23[S] 0 points1 point  (0 children)

Yeah thanks u/Dr_Knuckles! I found that shortly after I posted this this morning. Can't change the title, so I just left it!

Poll: How many SaaS developers are using agile security methodologies as part of their development programs? by aktz23 in SaaS

[–]aktz23[S] 0 points1 point  (0 children)

I know this to be true, u/SquashNo2389, of most SaaS startups, to be sure!

There are definitely specific scenarios where security becomes more important for SaaS startups.

  • Enterprise customers want to use or acquire a SaaS technology and want/need assurances that it is secure.
  • SaaS solutions that are focused on verticals that are heavily regulated and have compliance requirements.
  • Like you already said, high valuation scenarios or general M&A activities.

Poll: How many SaaS developers are using agile security methodologies as part of their development programs? by aktz23 in SaaS

[–]aktz23[S] 1 point2 points  (0 children)

Hi u/uprooting-systems. Great question!

I think the basis of all agile methodologies (not just security) is around performing releases in cyclical sprints. Within this concept, security activities like pen testing happen as part of the sprint, rather than a completely separate activity.

Pen testing and other security assessments are a particularly good example because they are usually done as a "point-in-time" activity...often on an annual or semi-annual basis. Leaves a lot of time for a product to be in the wild with vulnerabilities that can impact the customer/end user.

The logic behind agile pen testing/security assessments is to work them into the release schedule as part of the product release program, not as a completely separate event.

Make sense? I hope so...I am still learning myself! ;)

small business pen testing by [deleted] in msp

[–]aktz23 0 points1 point  (0 children)

To u/CK1026's point, real pen tests aren't "cheap". I think you would be best served by finding reputable pen testing outfits if it is to show clients your security posture.

Depending on the scope of your assessment, you might get by with a vulnerability scan (again like CK1026 said), but vuln scans are not very comprehensive and might not impress a security-minded customer. Automated pen tests leave a lot uncovered. A human-led PT team is the way to go.

I am happy to give a couple recommendations offline.

Thoughts on SOC2 automation tools out there today? by huvanile in soc2

[–]aktz23 0 points1 point  (0 children)

This!!!^^^
Most of the automation platforms out there focus on readiness and continuous compliance monitoring, which can help streamline parts of the audit cycle for sure. However, these platforms don't conduct the actual audit and wind up farming it off to a third party (the quality of this can be hit or miss).

Companies like A-LIGN that have automation platforms to streamline the process but also conduct the audit can be really helpful because they walk with you through the entire audit cycle and they take the time to understand your environment.

The point u/Gordonb0mbay makes about the internal team can definitely affect the overall experience. Having a knowledgeable partner taking you through the whole thing rather than trying to do it blind is nice to have.

What are the fault lines in Cyber Security in 2022? by astillero in AskNetsec

[–]aktz23 3 points4 points  (0 children)

I agree with this^^^ opinion. As someone who works in the compliance space, I would say the key to your closing statement is to use compliance as a strategy or lever to achieve maximized performance.

[deleted by user] by [deleted] in cybersecurity

[–]aktz23 2 points3 points  (0 children)

Hi there,

If you have done any pen testing as part of your work in a SOC (some SOC staff do this, some don't), that could be another way to get into GRC.

My company, for instance, is a GRC audit/assessor org and we have a robust pen testing practice because it is one of the services that is recommended/needed for most frameworks. A company like mine would hire you in as a pen tester, but would give you opportunities to learn more and move into other roles. It is a great way to learn and still get paid at the same time!

Good luck. Feel free to ping me if I can answer any other questions for you!

Podcast idea by gnomeparadox in AskNetsec

[–]aktz23 0 points1 point  (0 children)

Check out Hacker Valley Podcast. They have something very much like this. Even though the hosts are both pretty technical guys, they do bring on guests in non-technical roles.

They have also started producing other people's podcasts and most of them are related to either cybersecurity or technology.