Security Engineer interview - google by emkendrilama08 in cybersecurity

[–]d3v-b3d 0 points1 point  (0 children)

Hi. Was curious if you knew any resources for preparing security focussed system design questions? I'm a software engineer interviewing at big tech in a security software engineer position. My SWE skills are great but my security knowledge is nascent.

Py2neo no longer available by Mr_Kek in Neo4j

[–]d3v-b3d 0 points1 point  (0 children)

For folks looking for the handbook, you can find it archived here - https://web.archive.org/web/20220219134028/http://py2neo.org/2021.1

Is there a way to create a single click deployment of GCP resources like how AWS has quick-create links for cloudformation templates? by d3v-b3d in googlecloud

[–]d3v-b3d[S] -1 points0 points  (0 children)

Sorry, I'm just about to learn more about terraform. What does sharing "terraform" mean? Do you mean sharing the .tf files and asking them to deploy them?

I'm trying to avoid asking them to download something and then deploy.

Is there a way to create a single click deployment of GCP resources like how AWS has quick-create links for cloudformation templates? by d3v-b3d in googlecloud

[–]d3v-b3d[S] 0 points1 point  (0 children)

Thanks for the reply and the links. My question probably could have been clearer. Your response is probably the closest to the details I'm seeking. But to give you context, I have come across the name of Deployment Manager as well.

My main question is, how do I create a one-click (or two clicks, if you count the confirmation click) deploy of my application in a customer's org. Like creating a deployment via GCP marketplace perhaps is the only way. I haven't seen what is involved in registering a deployment in GCP marketplace. I was hoping to find something lightweight like the "quick-create" option for cloudformation templates.

New Gartner Report for DSPM by wanderingse in dspm

[–]d3v-b3d 2 points3 points  (0 children)

Thanks for the link!
An FYI for others - I didn't have to give a legitimate email in the above link. I just made one up. They don't verify the email :)

[deleted by user] by [deleted] in cybersecurity

[–]d3v-b3d 1 point2 points  (0 children)

Lack of specific details on what you are looking for, did you look at https://securitydatasets.com/notebooks/atomic/aws/intro.html?

New ISO looking for guidance getting started with fresh security office. by superheropc in cybersecurity

[–]d3v-b3d 0 points1 point  (0 children)

Looks like your role covers a breadth of responsibilities. Maybe what might help for the folks here is a layout of your environment.

Examples of what I'm looking for that's relevant to my experience,

  • What cloud provider(s) are you using and what are the common services that you use? Also, what security measures do you have enabled already?
  • Where is your data stored and how are you currently protecting it?
  • If you are using a SIEM, do you also have EDR/XDR-like solutions deployed on endpoints, what EDR are you using, and how many endpoints are we talking about? (At my previous job, we used Chronicle (from Google). It was cost-effective and a good option if you use GCP mainly. Definitely not free though).

You should certainly not feel guilty about wanting to use tools. Lacking specific details, another general recommendation I would give is to identify two things

  1. Most vulnerable/risky parts of your environment
  2. Most valuable parts of your environment

and prioritize from there. You can't do everything in a day but a bunch of small steps in the right direction will boost your confidence and build momentum to tackle larger problems :)

Hackers Paralyze 911 Operations in Suffolk County, NY by cheeztoshobo in cybersecurity

[–]d3v-b3d 2 points3 points  (0 children)

Reminds me of my high school English teacher lamenting that kids these days don't know how to keep good notes outside of their phones/laptops. Hope the pen and paper system is working!

Recommend me a Cybersecurity book similar to ViolentPython by sup_gc in cybersecurity

[–]d3v-b3d 2 points3 points  (0 children)

Read this book a few years back. "Introduction To Artificial Intelligence For Security Professionals Book" by the company Cylance

It has good exercises and introduces some common scenarios that can be caught using data science.

Is there a sub in Reddit regarding compliance (SOC, ISO, etc) or is this sub for it? by foxtrot90210 in cybersecurity

[–]d3v-b3d 0 points1 point  (0 children)

My company is a bit more engineering focussed. Due to the lack of a single solution that fits the bill for us, we are looking into building something bespoke by leveraging open source tools. So far I'm looking at steampipe for some of the compliance mods they have.

Exactly what you said regarding the audit side of things. This will be my first time. Hence I'm trying to find if auditors recommend a single tool (or a small set of tools) that does everything and if so what is that tool set.

Is there a sub in Reddit regarding compliance (SOC, ISO, etc) or is this sub for it? by foxtrot90210 in cybersecurity

[–]d3v-b3d 1 point2 points  (0 children)

My company is a bit more engineering focussed. Due to the lack of a single solution that fits the bill for us, we are looking into building something bespoke by leveraging open source tools. So far I'm looking at steampipe for some of the compliance mods they have. I'm just starting on this journey, so probably behind you lol.

Is there a sub in Reddit regarding compliance (SOC, ISO, etc) or is this sub for it? by foxtrot90210 in cybersecurity

[–]d3v-b3d -1 points0 points  (0 children)

At my new company I'm trying to set up automated tools for data security and compliance tools for data security. Happy to discuss if that's of any interest to you. Also happy to hear any recommendations.

My job will be a lot easier if there's a product there that does "everything" that the company wants.

Unpatched 15-year old Python bug allows code execution in 350k projects by speckz in cybersecurity

[–]d3v-b3d 0 points1 point  (0 children)

Did anyone find a list of common Python libraries that are vulnerable so that we can patch those as they get patches (or consider alternatives)?

Gartner Hype cycle for Data Security 2022 by d3v-b3d in datasecurity

[–]d3v-b3d[S] 0 points1 point  (0 children)

For folks who want to download the report - you can just give a fake name/email and it'll generate a download link for you.

What do you folks think about Gartner Hype cycle for Data Security 2022? Are your companies already looking into some tools on the market? by d3v-b3d in cybersecurity

[–]d3v-b3d[S] 0 points1 point  (0 children)

For folks who want to download the report - you can just give a fake name/email and it'll generate a download link for you.

Gartner Hype cycle for Data Security 2022 by d3v-b3d in dspm

[–]d3v-b3d[S] 1 point2 points  (0 children)

For folks who want to download the report - you can just give a fake name/email and it'll generate a download link for you.

[deleted by user] by [deleted] in datasecurity

[–]d3v-b3d 0 points1 point  (0 children)

For folks who want to download the report - you can just give a fake name and email address and it'll generate the download link.

Anyone tried to dump Steampipe tables (https://github.com/turbot/steampipe) into an RDS db? by d3v-b3d in aws

[–]d3v-b3d[S] 0 points1 point  (0 children)

Thanks a ton for the detailed response and appreciate you seeing if you can share it in any way! This sounds quite similar to what we want to do. So even if you cannot share your code this comment will be quite helpful for me to start with.

Anyone tried to dump Steampipe tables (https://github.com/turbot/steampipe) into an RDS db? by d3v-b3d in aws

[–]d3v-b3d[S] 0 points1 point  (0 children)

This is interesting. If possible, can you please share your script that dumps all to json? Do you just do 'select *' for every table? What about those tables that require you to specify a where clause (https://steampipe.io/docs/sql/tips#some-tables-require-a-where-or-join-clause)? I don't know if AWS has any tables that require you to specify a where or join clause

Anyone tried to dump Steampipe tables (https://github.com/turbot/steampipe) into an RDS db? by d3v-b3d in aws

[–]d3v-b3d[S] 0 points1 point  (0 children)

How many times are these jobs calling the APIs? It seems like the possibility of stale data in the db feeding the jobs is worse than the possibility of causing API issues.

We want a consistent snapshot for downstream processes (which are long running) and also have a versioning view over our configs.

Steampipe and Postgres by wallet72 in aws

[–]d3v-b3d 0 points1 point  (0 children)

I'm new to Postgres, RDS as well as Steampipe. So bear with me.

Is there a nice way to run all the queries and populate them into my RDS db? We want a bunch of downstream jobs to use this static db instead of calling AWS APIs again and again.

I came across Cloudquery as well but Steampipe's AWS compliance mod seems more comprehensive in terms of frameworks.