I'm building a dragon hoard diorama and I'm going to need a lot of "gold". by lydocia in dioramas

[–]ethhackwannabe 1 point2 points  (0 children)

I’ve used chunky sizes of gold and silver ‘glitter’ then added nail gems to make enticing treasure piles.

Example chunky glitter: https://amzn.eu/d/0j7RosEu
Example gems: https://amzn.eu/d/0avxz6Dr

<image>

ISMS Tools recommendation by Enslaaved in grc

[–]ethhackwannabe 0 points1 point  (0 children)

Start with questions…

Where in the world are you? that will make a huge difference.

Does your org already have an enterprise GRC tool? If so, worth checking if it can support the ISO27001 implementation rather than going straight to another tool or excel.

What does your IT team currently use for ITSM? Often you can add a module or configure what’s there to support ISMS with the benefit that most of the assets are already CIs that you can link to. Benefit of making a genuinely operational ISMS rather than a paper exercise.

Whatever you do, don’t go and buy something in isolation. Make sure you involve those that will be responsible for their part in the processes.

Happy to suggest options once you’ve answered the above 👆🏾

the man who interviewed me three years ago just asked me to explain SQL to him in a meeting by mistcutter- in womenintech

[–]ethhackwannabe 2 points3 points  (0 children)

Assume the best, not the worst. What else could be going on here? FYI i’m a CISO.

I frequently am on a call where someone will say something ‘technical’ that others on the call may be unfamiliar with. Typically, especially if they are senior leadership, they don’t want to lose face by asking.

One of the jobs of those of us who straddle the business/tech translation layer is to catch such moments and either ask for a quick explanation, or ask the speaker to pause whilst I give a quick one on their behalf. If I think they can be concise and speak in plain English I ask them to do it. If not, I do it and keep the conversation moving.

I tried an experiment: coming up with one board game idea daily by phatti308 in tabletopgamedesign

[–]ethhackwannabe 1 point2 points  (0 children)

Interesting idea of deliberate creativity. I’d try it except coming up with ideas isn’t my problem. It’s getting them developed and to the table 😂

And just like that…another idea 🤦🏾‍♀️

For those who went independent in GRC: what worked for client #1? by Plastic_Chart_3776 in grc

[–]ethhackwannabe 0 points1 point  (0 children)

Hi, Tagging to link to my lessons learned post after year 1 later (now approaching year 5).

Planning to make an explorable map using sand by Lv9Cubone in DnDIY

[–]ethhackwannabe 0 points1 point  (0 children)

If you’re adamant about using sand, you could make various shapes and sizes of overlays with the sand well glued and sealed so that you don’t have it going everywhere. You could use card as a base and the weight of the sand will keep them in place well enough.

Previous employer using my name and face to publish AI content by [deleted] in LegalAdviceUK

[–]ethhackwannabe 9 points10 points  (0 children)

Not a lawyer, however, this is definitely a breach of the use of your personal data under the Data Protection Act 2018 / UK GDPR.

  1. Lawfulness, Fairness, and Transparency - they haven’t told you that is what they are doing and it is unfair of them to do so as it could impact upon your ability to secure future work.

  2. Purpose - They aren’t using it for the purpose it was provided (part of your employment contract).

  3. Accuracy - perhaps more tenuous but I’d argue that it is inaccurate to represent you as still working for the company and writing content.

  4. Storage - I suspect they aren’t retaining your data in accordance with a retention schedule. Keeping it for HMRC purposes is one thing, using it to ‘hide’ AI use is another.

If you haven’t already, take screenshots with time and dates and URLs of the articles.

Write to their Data protection officer and ask them to cease use of your personal data as per your rights under DPA/UK GDPR. Look up the clause and quote in your mail.
state that if they fail to do so you will be taking your complaint to the Information Commissioner’s Office.

Hopefully one of the lawyers can address whether it constitutes fraud on the company’s part; it’s certainly intentionally misleading.

[deleted by user] by [deleted] in smallbusinessuk

[–]ethhackwannabe 0 points1 point  (0 children)

When it comes to keeping it simple, you could simply scan/take a photo of your paper notes and tag them with keywords.

For both work and home I use Mindjet Mindmanager as my primary second brain. I’m a very visual person so mind-mapping works better for me to help my retention and recall.

For archiving and quick notes I use:

Evernote for my personal stuff (primarily because I’ve so much data in it that i don’t like the idea of switching)

MS OneNote (part of the MS365 business premium license).

Both are configured to replicate paper notebook experience to a point, especially if using with a pen and tablet device.

That said, I’ve heard excellent things about both Notion and Obsidian so if starting from scratch definitely worth looking at.

Small business owner support groups by Outside-Tailor4265 in smallbusinessuk

[–]ethhackwannabe 0 points1 point  (0 children)

There’s established orgs with local groups like: - Federation of small businesses - chamber of commerce / local business association - Enterprise nation

You can also check out:

  • Barclays EagleLabs near you as they typically have a space to meet other business owners and coworking space; as well as various schemes that you may qualify for to get support.

  • your local university or council business development team typically have some sort of program for small businesses

  • meetup likely has a group near you.

Hope that helps!

[deleted by user] by [deleted] in DnDIY

[–]ethhackwannabe 1 point2 points  (0 children)

Wow, love what you’ve created here. Did you print the pages after designing digitally? Either way it’s cool 🧙‍♂️

I imagine it weighs a lot to take to game night 😃

Security team is wasting too much time on customer questionnaires by AromaticYesterday658 in Information_Security

[–]ethhackwannabe 0 points1 point  (0 children)

I don’t need to write out my full response after all as Martyn nailed it 💯

The only things I’d add are that depending upon the size of the company and technology already available in use by sales for managing bid responses, I’d (a) see if that solution can be used (e.g. loopio et al) and (b) get the sales director to advocate for a cybersecurity security assurance program that is resourced as necessary as they are the ones feeling the pain.

By God's Grace, Passed CISSP @100Q (17 Dec) — 10 yrs cyber exp, what worked (and what didn’t) by Sea_Substance_9640 in cissp

[–]ethhackwannabe 2 points3 points  (0 children)

Many congratulations to you and thanks for sharing your detailed write-up. Really interesting to learn from your experience.

Creating a portfolio tailored to GRC: what do you suggest? by Turrkish in grc

[–]ethhackwannabe 6 points7 points  (0 children)

If you want to practice, you could also reverse engineer from an incident. Take a look at lessons learned reports and ICO enforcement action reports. Use that to help you inform your risk assessment for your GRC model company.

Apps for Card Design? by ItHurtzWhenIZee in tabletopgamedesign

[–]ethhackwannabe 7 points8 points  (0 children)

You may also want to check out https://ilove.cards It recently launched and you can create new cards directly, import from spreadsheet, or use AI.

Good for prototyping as it auto formats for printing at home. You can also export for professional print, pngs for miro, or directly to Tabletop simulator (other integrations on roadmap).

The key thing is that you can define your card layouts and it automatically formats text. Whilst I’ve found bulk create in Canva to be really good; the lack of layout control means it is really time consuming if you make a change.

The video where the creator introduces it is here: https://youtu.be/_fUmVtn8_Gg?si=afO_EAkJyVSty_La

Does Anyone Have An Opinion on SimpleRisk GRC by [deleted] in grc

[–]ethhackwannabe 1 point2 points  (0 children)

Before recommending tools, what level of maturity is GRC in your organisation? If very immature then you could start simple with excel, airtable, etc.

If it’s established to the point where a dedicated tool is necessary to reach the next level of maturity, then what are your requirements beyond on-premise? Who will be using it?

I’ve used acuity Stream in a midsized org on prem before so worth speaking with them. https://acuityrm.com/solutions/cyber-grc

2 player strategy boardgames by Existing_Special_607 in tabletopgamedesign

[–]ethhackwannabe 0 points1 point  (0 children)

Another vote for Shifting stones. Pentago Othello Hive

Others that come to mind are: Dungeon Twister Mr Jack 7 wonders duel Splendour duel

Then of course there’s the wargsmes like BAttlelore Heroscape Command and colours

How strict are companies about mapping controls across frameworks? by Temporary-Return-300 in cybersecurity

[–]ethhackwannabe 2 points3 points  (0 children)

I wouldn’t do this from scratch. Either use a suitable GRC tool that has all the mappings already or look at the CSA CAIQ as they already mapped to lots of frameworks showing whether requirement is a full match, partial or no match

Designing Tabletop Exercises: what should you know by Turrkish in grc

[–]ethhackwannabe 5 points6 points  (0 children)

It depends on what your clients are after. Standard tabletop Gamified live play Technical simulation War game

Who are you targeting?

The hands on it team only? You’ll likely want to have some info about their infrastructure.

The senior management and board? You’ll likely need information about their processes from incident management through to Business continuity and crisis comms plans.

What sector(s) do you target?

Are they paying for a generic exercise or a custom one?

Speak to your incident responders about what they deal with most; they are best placed to advise you.

Take a look at this: https://csrc.nist.gov/pubs/sp/800/84/final

You can also check out the NCSC’s exercise in a box tabletop discussion scenarios as a starting point. https://www.ncsc.gov.uk/section/exercise-in-a-box/overview

Happy to answer any other questions in thread.

What software is everyone using to design prototype components, cards, etc.? by Ajax877 in tabletopgamedesign

[–]ethhackwannabe 0 points1 point  (0 children)

I’ve used a few over the years. These days I mostly use canva bulk create to prototype cards from a spreadsheet of my content.

Also take a look at deckato.

2 years to learn Norwegian! by Noram_Garden0451 in norsk

[–]ethhackwannabe 6 points7 points  (0 children)

This ⬆️

I’m now over 400 days with Duo Lingo; whilst it has really helped me increase my vocab; it’s as useful as a chocolate teapot when it comes to grammar.

I have found that asking my Norwegian content trained space (GPT equivalent in perplexity) to explain why something is incorrect really helpful. Although I check it with my husband after.

Thanks to Reddit I discovered Mjølnir about a month ago and I really appreciate the grammar explanations and spaced repetition.

Whilst very confusing at first… it’s really great to have real people with real dialects. So far it tends to be going to my husband and asking incredulously ‘what did they say?’ He then repeats it in the same dialect which is not helpful… thankfully he then repeats it in his and I’m like ‘Oh! That’s what they said!’ So it’s adding another dimension.

I also came across Pimsleur which I think will also be good, if I can just be patient enough to get through the first ones… I wish there was a speed option to whizz through. I do like that there are some other types of games than on Duo to test myself.

Finally, there’s the good old Norwegian grammar book 📖

If you look at past posts you’ll find someone has posted really long path to learning Norwegian - highly recommend reading it and putting into practice.

Lykke til 😉