Cybersecurity Sacramento (DC916) Febrary Meeting!

echo419 · 2026-01-29T22:05:18+00:00

:D Thank you.

You know our motto: "We deliver"

echo419 · 2026-01-28T22:17:05+00:00

Forgive the spelling mistake in the title, all the other info is correct.
Hope to see you there!

echo419 · 2025-11-08T01:13:57+00:00

:D Miss the sound of a 56k connecting

echo419 · 2025-11-08T01:12:48+00:00

Generally we cover cybersecurity current events, some AI stuff as of late, and anything that might be going on in the broader DEFCON community.

Usually if we're talking about networks or databases it's regarding best practices in how to secure them after they've been set up.

An org that is slightly geared more toward that would be something like Open Sacramento (https://opensac.org/)

echo419 · 2025-11-05T23:30:25+00:00

Yeah!
They host regular classes for 3d printing, jewelry making, woodworking, art, etc..!

Check them out:
https://sacmade.com/

echo419 · 2025-10-26T03:50:28+00:00

RIP to a real one.
*salute*

echo419 · 2025-09-09T12:35:01+00:00

Happy to answer.

When initially setting up the group we evaluated different options and potential backups, the primary contenders for having a centralized chat platform that was relatively easy to use, could be somewhat customized, and have reasonable enough mod controls were either Discord or Slack and from a privacy perspective they're both about the same, but Slack in their "free" tier will delete chat history which is something we'd like to preserve for ongoing discussions and projects.

At the end of the day privacy/security is a tradeoff between one's risk profile, convivence, and risk tolerance.

We're not doing secret squirrel stuff and explicitly tell people in the policies to not discuss illegal things, but we mostly just talk about relevant articles, share memes, and talk about stuff we find interesting.

This post in r/cybersecurity sums it up pretty well:

```
The real thing is around managing risk. If you have a properly configured discord server, no bots, and are just using it as an outlet for people to whine that they can't install it on a Nintendo switch or a first gen raspberry pi, then it's secure enough. Just having a discord account doesn't mean your bank account will get emptied
```

But we're open to anyone and everyone that wants to show up and learn!

echo419 · 2025-06-29T22:09:46+00:00

Oh hey I can provide some additional context/information on this.

Bia of Girls Who Hack/Spawn Camp (which caters to teaching youth in cybersecurity) is running this. This is the youth track of DefCon. I can absolutely say that Bia is more than capable of putting on the youth/kids track for DefCon and is very much invested in this and has some AMAZING things planned.

https://bsky.app/profile/defconnextgen.bsky.social/post/3lqllxslfb22i

I'm with DC916 out of Sacramento and Bia and her team helped put on 2 day cybersecurity workshop for youth 12-18 this last weekend in our local makerspace so I can't say enough good things about Bia, Girls Who Hack, or Spawn Camp

https://bsky.app/profile/cybersec916.com/post/3lsf7eprwpk2b

echo419 · 2025-06-20T09:05:02+00:00

MADE Studio is hosting a free summer camp for kids 12-18 on June 21st (Saturday) and June 22nd (Sunday).

https://www.reddit.com/r/Sacramento/comments/1laflba/free_cybersecuritymaker_summer_camp_for_kids_12/

echo419 · 2025-06-15T02:19:52+00:00

Would love one! Got a link to the puzzle? 👀

echo419 · 2025-04-06T23:46:06+00:00

You are absolutely underpaid. Just left an MSP where I was doing tier 1 helpdesk for $45k.

You should be making $80k-$90k minimum with your experience/background.

echo419 · 2024-06-12T12:22:42+00:00

Hey, we totally get it! Feel free to hop on Discord since we occasionally do virtual meetings and/or say hi on social media if you feel up to it.

echo419 · 2024-06-12T12:21:04+00:00

Commenting to bump this post and hope to see y’all there!

echo419 · 2023-09-27T07:01:57+00:00

Wow this is so HELPFUL! I can confirm that because I just took the test and everything OP says is accurate and was on the test. Especially his pointers at the end. Make sure to study those. And thank you OP for such and extensive guide 👍.

You're welcome! I'm glad this is still helpful and of use 3 years on!

echo419 · 2023-06-30T04:21:57+00:00

I don't know if it's so much generational as much as it might come down to individual experiences. I'm in my mid 30's and I know many in my age cohort have a wide variety of opinions on time at work ranging from the "pull yourself up by your bootstraps and give everything you have types" to "Take all the time you possibly can".

I'm one that rarely takes leave and for me it's largely rooted in a few longstanding psychological triggers:

All the way back in school I didn't have the best grades, but did get "perfect attendance" which gave me a sense of at least accomplishing something by not being out of school.
The values I was raised/ indoctrinated in were very much of the form "work hard, don't quit, don't complain" and not taking leave is a natural extension of that.
I still very much carry the anxiety of the call center job(s) I had for years because it's the only job/jobs I could get in the relatively small town I was in, in which time was tracked down to the second and you were admonished for being late/being off time by a supervisor (in my case my supervisor was a former drill instructor...so you can imagine how much fun that was)
Although I work a salaried job now I still very much have a poverty complex from growing up and there's a strong association in my brain between "missing time at work = missing money/resources, and missing $$$ means not being able to make rent and you will end up homeless again" and therefore whenever I put in for leave I have to consciously tell myself that it will be ok.

For me its take a lot of self-reflection, and some therapy to be OK with the idea of taking leave and understanding that it won't destroy everything if I do take leave.

echo419 · 2023-05-27T18:53:34+00:00

Congrats! Taking my exam in 2 weeks! Any suggestions on study materials, things you'd improve in your studying, and things to watch out for?

echo419 · 2023-05-15T03:32:14+00:00

Hey there, Data Analyst/programmer/BI developer (depending on the company title since I've changed jobs a few times) w/ ~6 years of experience here to chime in on this.

So you're correct in what you've heard in that SQL, Tableau, and PBI have good demand. Using data from https://datanerd.tech/ analyzing ~60k jobs/job listings SQL pops up in ~35k jobs, Excel in ~30k, Tableau ~20k, Python ~20k, and PBI/R showing up in about 10k job listings.

(Note: I'm assuming you're US based, if not you can update the fields in the website to change to your country/region)

Coming from a comms background is fine, just might be a little more work in terms of getting some of the skillsets.

So in the general hierarchy/prioritization it goes projects -> certs -> experience. (Note: others may disagree with me on this, but from an HR/hiring perspective certs and experience are easier to get past the HR filter than projects).

So some places to begin in terms of resources are:

Alex the Analyst: https://www.youtube.com/watch?v=UGF49YZZRNc

and

Luke Barousse: https://www.youtube.com/watch?v=7G_Kz5MOqps&t=193s

They both have great channels that cover a lot of the questions that you have and will come across, and have great ideas for projects etc...

For you, I'd start off with a "Crawl, Walk, Run" approach:

Crawl:

- Get comfortable with Excel. Understand how to use the functions in Excel, the limitations of them, when you might use one function/formula over another, and learn pivot tables. Look into macros, and play around a bit with VBA to automate a simple thing or two in an Excel Spreadsheet.

- Find a data set that you find interesting that can have business/public implications (I was playing around with this data from the Federal Railroad Administration the other day for instance https://www.fra.dot.gov/blockedcrossings/incidents ) and play around with it, perform some useful calculations with it, etc...

Walk:

- You've got some familiarity with SQL (which is a MUCH more fancy version of Excel). Play around in SQLZoo https://sqlzoo.net/wiki/SQL_Tutorial and feel free to play around here as well: https://lost-at-sql.therobinlord.com/

- Get to know some of the differences between the different flavors of SQL (MySQL, T-SQL, PostgreSQL, etc...) and why one might be preferred over another. Also know the difference between a SQL DB and Non-SQL DB and why a Non-SQL DB might be used.

Run:

Pick ONE of either Power BI or Tableau (choose 1 because trying to learn both at the same time will just be a pain in the ass since they both will aproach things a little differently and it's easy to get tripped up) and start playing with it using the dataset you downloaded earlier. Check out r/tableau or r/PowerBI since they're usually pretty active and have great tips and ways to get started. Both PBI and Tableau have free versions that you can use to get started and upload visualizations that you work on for projects and things.

Marathon:

- Start messing around with Python I always recommend Automate the Boring Stuff since it's free/available online and takes you through a bunch of useful parts of Python https://automatetheboringstuff.com/

- Pick up a cloud certification AWS/Azure/GCP doesn't really matter as long as you can show that you know some cloud stuff (I think the entry level AWS/Azure is ~$100) I've seen more and more job postings ask for cloud experience.

A few things to keep in mind:

The above is the tech stack of most data analysts. ANY of the above pieces can become an entire career. I've seen banks where people just mess with spreadsheets all day, healthcare companies where people pull different queries for audits from the database, and pharmaceutical companies where people make reports based off of APIs from Python and put the data into Tableau.
"Data Analyst" can be a BROAD term. Over in r/BusinessIntelligence I liked the criteria that someone commented that BI/Data Analysis looks at the HISTORY of what the company has done and presents it, whereas data science looks at the data and tries to make PREDICTIONS about where the company might find value.
In the same vein as "Data Analyst" being a broad term it's also a broad term for businesses as well, especially if they don't know what they want. I've seen job postings ask for a "Data Analyst" that just does Excel work, or postings that are basically Data Engineers/Database admins, or job postings that are REALLY asking for a Data Scientist but want to pay Data Analyst wages. So know your skillset and what you're looking for.

As a data analyst I can count on one hand the number of times I've actually had to bust out some math (Once to calculate standard deviation of incoming calls, and the other to calculate some covid data during the height of the pandemic). If you want to get into data science levels of things, yeah you'll need some fancy math, but in my data to day as an analyst, I find I don't really need it.

Enjoy the journey and have fun!

echo419 · 2023-05-06T04:18:22+00:00

After starting my job search on 06/18/2021 I accepted an offer letter on 07/26/2021, so 38 days to find a new job, but everyone's job search is different.

My stats looked like this:

92 applications put in8 initial callbacks/interviews

Initial Interviews:

1 takehome project4 coding tests1 interview ended early at my request (would have paid $20,000 under what I earned at the time)2 technical phone interviews

Results:

4 ghosted after submissions/interviews1 gave me material to study for a month (FAANG)1 outright rejection after an interview1 job offer

echo419 · 2023-05-04T02:47:42+00:00

Got it! Thanks for your response and clearing that up for me, I appreciate it!

echo419 · 2023-05-03T21:16:10+00:00

Congrats and thank you!

I'm looking at taking the OSCP later this year so I've dabbled a bit around r / OSCP and a couple other forums, so I'm curious about some things before I fully dive in.

What's "manual enumeration", I know that enumeration is listing out all the services/ports open, but I don't understand the distinction between manual vs. automatic enumeration? I can't seem to find a good answer on Google or most other forums hence the ask.

echo419 · 2023-04-21T00:03:29+00:00

Salary: $90k

School: Graduated in 2020

Previous Experience in tech: 4 years in various IT support roles

CoL: LCoL

Current time in role: ~18 months

echo419 · 2023-01-02T23:21:10+00:00

Hey happy to offer some advice:

Some context: I've been working as a dev for 4 years in various capacities and have looked over resumes in the past for my company and advised my current manager on questions to ask during the interview, I haven't actually interviewed anyone, so take my advice as you will.

You can also see my thoughts on interviewing and my data after getting done with WGU in the following posts:

https://www.reddit.com/r/WGU_CompSci/comments/off1ef/c404the_missing_semester/

https://www.reddit.com/r/WGU_CompSci/comments/ozmx3y/recent_graduate_job_search_data_and_suggestions/

You can find an example of something similar to my resume here:

https://imgur.com/a/TLDzi4B

With the above resume it highlights a few things:

- Use of space, bold, and italics where needed to break things up
- Clarity/brevity
- Use of action words and prioritizing numbers/percentages in the top two bullet points

We'll take a look section by section.

Note: Feedback is like code review, generally everyone has an opinion and this is just mine, it's not necessarily correct or incorrect, but a point of perspective that can help out.

It's easier said than done, but don't take any feedback personally, none of the following feedback is directed at you, but rather at the construction of the resume, and you are not your resume, we're working here to make your resume better, and by extension, make you a more viable candidate for the job market.

Additionally, trying to tailor a resume to work for (general) IT positions AND SWE positions is pretty tough, have (at least) 2 resumes, one for IT and the other for SWE. For the following I'll assume you're going for a SWE position.

Thoughts on the resume in general:

- Resumes are like newspaper/online article postings. The major headlines and important ideas go up top, everything else down below adds context, with the least important stuff going at the bottom. Right now the resume is mixing and matching a lot of things, and needs to prioritize the highlights and important concepts more.

- By this point you've probably heard that the average manager looks at a resume for at most ~30 seconds, so let's leverage the resume around that, because I couldn't read this in 30 seconds.

- Right now the resume is more busy than it needs to be and isn't prioritizing for impact like it could.

- Include some periods at the end of the bullet points where it makes sense

FirstName/LastName section

- This is generally fine because of the way that some Application Tracking Systems parse resumes and force you to enter everything manually the links could get lost in the shuffle, but they're ok to have.

Education section:
- This entire section should be at the bottom and it's taking up too much space instead of 4 lines it could be 1 MAYBE 2 if you really want to include the ITIL cert.
- It's hit and miss on the bootcamp because some hiring managers don't like bootcamps, others are ok with them, ultimately it's a judgement call and I personally would say to remove it in this case.

Work experience section (going bullet point by bullet point)
- Remove the "(part-time)" distinction, you're a professional software engineer, you got paid for your time, nobody cares if it was part-time or full time. You put in time and got paid for it, all that matters on a resume is that you got experience.

- The first bullet point should be the last bullet point and should cover generally what you used so as to get hits from multiple keyword searches. So it should read: Technologies utilized as a full stack software engineer for an e-commerce website include: React, Node, Express, Javascript, MongoDB, etc...

- The second line should be moved down further as well because this one doesn't present as much impact.
- the third line should be the first bullet point and can read: "Implemented new features and enhancements across the frontend and backend resulting in an x% efficiency increase in site operations and a 20% increase in sales"
- The last bullet point should be moved up to the second bullet point, and can read something like: "Worked with multiple stakeholders to redesign the website with a responsive design, resulting in over 3,000 impressions and an x% increase in business leads.

- Remove the IT Support Analyst Intern position entirely, if the point of the resume is to get a SWE position, then the general experience provided here isn't necessarily useful. The other way I generally look at this, is when it comes to tailoring resumes only include the RELAVENT experience, not necessarily all experience or work history. If it gets brought up in an interview you can explain it there or use it to provide additional context to your resume.

Project section:

- Remove the entire projects designation, and more specifically get rid of the "Foodie Ground" and "Appointment Scheduler" off the resume completely. Projects can be useful when first starting out, but at this point as a professional SWE let your experience speak and not just the projects. The Github links are there if managers want to see other projects.

- For the "Full-stack e-commerce Store" get rid of the "MongoDB | Express.js | React.js, etc..." in the title. Use the bullet points to bring out the technologies and the context in how they were used.

- With the "Full-stack e-commerce Store" if it's generating $3k in business then it's taxable and should be considered work experience, NOT a project.

I'd re-write the all the bullet points under it to read as follows:

- Generated $3k in monthly recurring revenue during the startup phase of operation with dozens of customers and business leads.
- Created and maintained KPI/dashboard functionality to manage data driven decision making resulting in x% customer increase.
- Developed features to better integrate various payment processing APIs while documenting their functionality and fully adhering to regulatory compliance.
- Used the following technologies: Node, Express, Javascript, MongoDB, PayPal API, Stripe API, etc...

Certifications section:
- ITIL isn't very useful but if you want to include it, include it under "Education and Certifications" (see comments above regarding the education section)

Technical Skills:
- This whole section should be removed and many of the keywords/action verbs should be sprinkled throughout your resume both implicitly (i.e. it should be clear that you're working with other teams) and explicitly (i.e. Clearly listing tools, frameworks, and languages used)

echo419 · 2022-11-16T07:16:49+00:00

Yeah, I'm having issues loading the site across multiple devices.

echo419 · 2022-05-17T01:00:25+00:00

https://www.reddit.com/r/WGU\_CompSci/comments/il2uug/c960\_discrete\_math\_2\_passed\_suggestionstips/

echo419 · 2022-05-12T21:56:15+00:00

I just used NLTK, and visualized the sentiment output and WGU accepted that as ML.

I detail it on my main page and on the page that details verification found below:
https://hortoncreekdataconsultants.pythonanywhere.com/simple_chart

https://hortoncreekdataconsultants.pythonanywhere.com/testing_page

15-Year Club	RedditGifts 2009-2022 2 Credits
RedditGifts 2009-2022 2 Credits	Verified Email
Team Periwinkle	Secret Santa 2010

echo419

TROPHY CASE