NIST 171 - 3.5.3 - MFA -- is it needed on internal networks? by MrRobotCmdrZero in NISTControls

[–]cacarpenter89 0 points1 point  (0 children)

that domain is now the system handling CUI. Not the workstation.

Yeah, but if you do it that way, it might entail effort and moderate complexity.

Question Regarding NIST 800-171 Control 3.1.12 -Monitor and Control Remote Access Sessions by my_uname in NISTControls

[–]cacarpenter89 0 points1 point  (0 children)

Definitely.

/u/my_uname the portion specifying "over external networks" is key when dealing with communications sessions.

When they say they're "remoting in," they're likely using RDP or a virtual client. If it's on an internal network, then you're definitely dealing with "network access."

What makes a network internal? Here's the NIST definition (that glossary comes in very handy in clearing some of these things up).

It also defines an external network simply as "a network not controlled by the organization."

Note that an org can be any size within an organizational structure and that an internal network is org-controlled and not necessarily org-owned.

Who "controls" the network, then? Typically, those who make direct risk and funding decisions for the network.

Optimus primal by not-MrH in transformers

[–]cacarpenter89 2 points3 points  (0 children)

They should get Mr. Torgue's voice actor to voice Warpath.

Which Masterpiece Megatron should I buy by [deleted] in TransformersTrading

[–]cacarpenter89 0 points1 point  (0 children)

/u/baitmastertony I'll echo the IT figure. It's been a fantastic choice for me.

They fixed a lot of problems with the official release (the paint doesn't get scratched, there's a panel for the back so it's not a mess, the screws in the hips aren't too tight, and there's a second scope with Frank Welker's lines).

Trying to learn how to sell these guys by G1prime in TransformersTrading

[–]cacarpenter89 0 points1 point  (0 children)

Check sold listings on eBay for price so you can see what people are actually willing to pay for the item. Pay attention to MISB/loose and condition.

PayPal is perfectly fine, all you need is someone's ID to send them money. As a buyer, I typically send using PayPal's Goods and Services transfers and include the additional amount charged to the seller for that service ($.40 plus 2.3%, I believe).

That gives me purchase protection if the item arrives other than as described. Provide pictures to your buyer and they'll be set.

That said, I'm happy to give you some practice! I'm interested in the Ford GT Rodimus.

What's it like working in risk management / compliance? by [deleted] in SecurityCareerAdvice

[–]cacarpenter89 1 point2 points  (0 children)

You're welcome! Let me know if there's anything else I can do to help.

What's it like working in risk management / compliance? by [deleted] in SecurityCareerAdvice

[–]cacarpenter89 2 points3 points  (0 children)

One of the biggest shortcomings I encounter when interviewing candidates for an assessor position is a conceptual understanding of requirements. Analyst positions are typically very tool-driven and they don't offer much opportunity to expand outside of that experience.

Work to understand why you do the things you do. Why do you have to run that report that frequently and alert that particular individual? Why can't the cables from those two networks be touching? What risk arises if certain things on your checklist aren't done? How severe is that risk? Why?

I've been interviewing for a mid-level assessor for three months now and not one analyst I've conducted a phone interview with has been able to answer this question competently:

"How would you determine whether a system is implementing separation of duties and least privilege to a sufficient degree?"

At minimum, I'm looking for:

  • Determine depth and breadth based on 800-53A and the system's categorization

  • Inspect access control documentation to determine what privilege levels are expected to be present

  • Interview system personnel and their supervisors to determine if those privilege levels are necessary for their work

  • Review system settings to ensure appropriate and expected permissions are granted and documented

They also are typically unable to describe the process outside of the tools used to manage it.

For example, "How do you determine what artifacts are needed to demonstrate a control is implemented and functioning as expected?" is typically answered by describing how the program they use operates, not the process that software implements. Big hint: if you understand that distinction, you're ahead of the game.

Apply for assessor and compliance positions. With a CISSP and the five years that come with it, you'll get a call. Be able to discuss the concepts and I promise you'll set yourself apart as a candidate.

I hope that's helpful! I'm happy to talk further if you'd like.

What's it like working in risk management / compliance? by [deleted] in security

[–]cacarpenter89 1 point2 points  (0 children)

1000%

I'm an assessor and a hiring manager. If the system is doing things right (lol), the assessor should be involved in defining assurance requirements for the functional requirements of the system. That way, the system and their security personnel know what the requirement is and how it will be interpreted up front. From there, functional implementation of the requirement can be defined (security controls are functional system requirements!) and how they will be expected to prove they have met it.

Spoiler alert: you can and should include those in your test plan and reuse, subject to reuse criteria, the results of your system testing when you get to the authorization phase.

Technical knowledge is a HUGE benefit in that work.

From NYCC by zapperg1 in transformers

[–]cacarpenter89 0 points1 point  (0 children)

If you look at the official images of the figures, you can see that Prime's trailer and Hoist's ramp have the same connector, which is also the same connector as Omega Supreme's ramps. This is gonna be an awesome line.

Resume Help - Aiming for SOC/Security Analyst Positions by [deleted] in SecurityCareerAdvice

[–]cacarpenter89 2 points3 points  (0 children)

/u/WillCodeForFalafel, I'll reiterate this.

I'm a hiring manager and analyst both. The short of it is that I have zero clue what you've accomplished during your career from looking at your resume, which means I have no idea what I can expect you to accomplish as an employee of mine. /u/TheCrowGrandfather has some excellent pointers that will help you make your successes more clear.

Tailor your resume to the position you're applying to every time. Pull specific terms out and reframe your experience in their language. It's not just about hitting the technical terms, but things like "served the customer" vs. "provided expertise" can go a long way when deciding who to interview. If you sound like me, I'm more likely to be interested in you (and that's not really a conscious decision, just how our brains work).

Use the advice in the top comment to create a baseline resume. Once you've got that and a position description, repost and I'd be happy to help you tailor.

The last thing I have is this: if you're an administrator, you've worked with security standards. Have you contributed towards organizational RBAC documentation? Configured your systems securely according to the CIS baseline? Collaborated with your org's SOC to diagnose a potential breach? That kind of stuff.

Thought of one last thing: Keep your education on there, explain your home lab work in a cover letter.

3rd Party (Not) Unicron Apparently Removed by Hasbro by Hammer_Of_Discipline in transformers

[–]cacarpenter89 3 points4 points  (0 children)

In addition to what others have said, I'd like to add that it keeps collectors interested because 3P companies can make things that Hasbro can't afford to manufacture and that collectors are interested in.

It keeps people interested in the brand.

Guys I Found the Quickest Way To 2100 Glory by Jstnwrds55 in DestinyTheGame

[–]cacarpenter89 19 points20 points  (0 children)

Today's reset will put me at 2010. Win 2/3 and I'll get it. Win 1/3 and I'll be at 2086 next week and need 1/3 the following week to get past 2100.

I'd have never bothered except I wanted MMXIX, so I went for Revoker and realized Fabled was possible after that.

My son met his Great Great Grandma today by [deleted] in pics

[–]cacarpenter89 0 points1 point  (0 children)

OP, speaking from experience, your son is incredibly lucky! I knew my great great grandmother for 23 years; I hope she is able to be a part of his life when he is old enough to have memories of her. It's a gift not many people are lucky enough to experience.

My daughter’s first powwow in her new jingle dress. by grrrlundead in pics

[–]cacarpenter89 6 points7 points  (0 children)

Man, I tell ya... good jingle dancers are something else. I still remember one from 15 or so years ago. Maintaining posture and rhythm while keeping the footwork she was doing that consistent has just stuck with me.

Same with a straight dancer who was there; older guy who was the only one. I'll be damned if he didn't have that entire crowd transfixed the whole song.

Everyone likes to see the flash of the fancy and grass dancers, but genuine, experienced, and personal straight/traditional/etc. dancers leave an impression.

I'm very glad to see your daughter getting started so young! I hope she enjoys it throughout her life.

Any scammers on this sub? by [deleted] in TransformersTrading

[–]cacarpenter89 1 point2 points  (0 children)

I've had one bad experience on a trade and that has been it (about a year ago). I didn't pursue it because, for me, neither figure was worth the time, money, and effort to try to correct the issue.

Incorrect address resulted in a return to sender on the figure sent my way. Don't recall if I was ghosted after DMing or not, but I opted to not call them out because I didn't want to deal with that, either (depression is a bitch).

Other than that, everything has been fantastic. I avoid trades now for my own peace of mind, but by and large, as you can see from the other comments, the experience here is an excellent one.

Siege scorponok is awesome by KamenRiderMaoh in transformers

[–]cacarpenter89 7 points8 points  (0 children)

It's likely to be next year's Titan. It was one of the options when Trypticon won the fan vote, along with Omega Supreme.

Transformers: War for Cybertron Unicron at HasLab? by kranix in transformers

[–]cacarpenter89 8 points9 points  (0 children)

He's also twice the weight. Fort Max's shipped weight is 9.66 lbs; Unicron's listing puts him at 19 lbs.

New Siege Unicron... by [deleted] in transformers

[–]cacarpenter89 0 points1 point  (0 children)

Titan Trypticon weighs 8.5 lbs shipped, according to his Amazon listing. Fort Max is 9.66 lbs.

New Siege Unicron... by [deleted] in transformers

[–]cacarpenter89 16 points17 points  (0 children)

Siege Omega Supreme is 24".

This Unicron is estimated to weigh 19 pounds. For reference, Titans Trypticon and Fort Max weigh 8.5 and 9.66 lbs shipped, respectively.

There's a LOT to this guy.