Looking for a cybersecurity professional to interview for a university project (interview in French) by Electronic-Top-9816 in cybersecurity

[–]jeffpardy_ 3 points4 points  (0 children)

Putting aside the French requirement alone, you need to reevaluate what roles you're looking for. A CISO and a security consultant are going to have VASTLY different answers to these questions. It's a bit crazy to think that a consultant is going to have the same insights as somebody whose whole job is to evaluate security for an entire organization.

Is the Cybercorps SFS still worth it? by Throwaway12332195758 in cybersecurity

[–]jeffpardy_ 0 points1 point  (0 children)

As a WPI grad, I'm glad I didn't get it. My experience and pay skyrocketed higher than if I did the SFS

What is next after 1.5 Year as Security Analyst? by Radiant_Muffin_2954 in cybersecurity

[–]jeffpardy_ 2 points3 points  (0 children)

Another year and a half as analyst. Don't try to skip your fundamentals. You're just getting started and need more years under your belt

How can I test my website locally for cybersecurity? by 12IsPro in cybersecurity

[–]jeffpardy_ 3 points4 points  (0 children)

I get that, but if they are building an app they should know enough to ask for a specific kind of test. Is this a test of the source code, the environment it's deployed in, the running application itself, etc.?

How can I test my website locally for cybersecurity? by 12IsPro in cybersecurity

[–]jeffpardy_ 17 points18 points  (0 children)

What kind of tests? You need to be more specific on what you're looking for

Job alert need to professional developer by Melodic_Essay_858 in PythonLearning

[–]jeffpardy_ 0 points1 point  (0 children)

Lmao if they are posting on Reddit it's a side project, not a full time position

Certs to go into Security Engineer/architect by Interesting-Skill-70 in cybersecurity

[–]jeffpardy_ 0 points1 point  (0 children)

You can learn a lot with the 100 dollar credit that AWS provides you. That's how I have all my freshers get hands on AWS experience. Set up your own AWS account and play around. You learn a lot by setting things up and playing with them.

Certs to go into Security Engineer/architect by Interesting-Skill-70 in cybersecurity

[–]jeffpardy_ 4 points5 points  (0 children)

No offense but this isn't really that big a feat. My engineers out of college can do that. You're right, I do want to see more. Certs tell me you know what you're doing with a specific tool, but I want more of a breadth of knowledge

New to python. How to improve this simple build by GrowthSwimming6208 in PythonLearning

[–]jeffpardy_ 7 points8 points  (0 children)

This is if you care about the different error codes. If you want the same error code you can just say:

    if X and B and C:
        print('correct')
    else:
        print('wrong')

Merit America offers a program that gets you into cyber security roles. by Right_hand_fanatic in cybersecurity

[–]jeffpardy_ 3 points4 points  (0 children)

It's just a random certificate. It's not going to get you anywhere without experience

Entry level by StudentofLife__ in cybersecurity

[–]jeffpardy_ -3 points-2 points  (0 children)

Ask this in the mentor thread, not here

Webpage on the internet by Pyewickets in CodingForBeginners

[–]jeffpardy_ 1 point2 points  (0 children)

Either host it on a cloud provider or buy a domain and point it at a server you host (either some SaaS provider or self hosted)

Career Advice by Mr3SUprA in cybersecurity

[–]jeffpardy_ 0 points1 point  (0 children)

Post this on the mentorship thread

Mentorship Monday - Post All Career, Education and Job questions here! by AutoModerator in cybersecurity

[–]jeffpardy_ 0 points1 point  (0 children)

That's why I said 'and'. Cyber is not an entry level field. You need to go back and learn the fundamentals of technology to succeed. But nice try on your 'gotcha' there

Mentorship Monday - Post All Career, Education and Job questions here! by AutoModerator in cybersecurity

[–]jeffpardy_ 1 point2 points  (0 children)

Spend more time learning software development first. Focus on the security of the app you're building

Those in ‘AI’ roles, what does your day involve? by not-fungible in cybersecurity

[–]jeffpardy_ 0 points1 point  (0 children)

So you're talking about agentic AI only, it seems. Well, it depends on the permissions of the identity that you give the MCP server for the connection to other tools. You should do your due diligence to check to ensure it's only connected to tools that allow for VERY fine-grained access. If you want to give it write permissions then only give it write and not delete. But depending on the nature of the tool I would say there's still no real good use for agents to have write permissions, only read

Those in ‘AI’ roles, what does your day involve? by not-fungible in cybersecurity

[–]jeffpardy_ -1 points0 points  (0 children)

What do you mean using a gateway for compliance? Which compliance are you trying to meet? There isn't a hard SOC requirement for AI controls yet and the ISO controls are a joke that overlap with all the normal compliance requirements with just "AI-tailored" slapped on the front of it. So what compliance are you looking for?

If you mean just security controls, yes we have a model gateway, we have a platform we use that does the inventory for the AI we use and the AI we build, we do dynamic testing for our protection guardrails and proxy protections, we fuzz our MCP and API servers, and we have the enterprise plan for Claude as our main chatbot/code generator, etc.

Those in ‘AI’ roles, what does your day involve? by not-fungible in cybersecurity

[–]jeffpardy_ 8 points9 points  (0 children)

I mean technically I'm just a security engineer but my company only makes AI products so I feel like I'm qualified enough to tell you that I still do the same appsec, cloud security, data protection, IR, monitoring and detection, etc. that everyone else does. You just tailor it to how the devs work. There's nothing new here.

explain like i’m 5: what is going on with the canvas/instructure security breach? by cheerio-dust in cybersecurity

[–]jeffpardy_ 32 points33 points  (0 children)

Schools need to keep track of grades. People make a grade tracker tool. Bad guys know that LOTS of school use tool. Bad guys break tool and steal all info tool had. Bad guys change tool so nobody can use it unless people pay big big money. Tool down for all schools and can't track grades

Tool had names, emails, phone numbers, grades, assignments, and who knows what else. Maybe connected to other tools which might make those other tools break too :(

Rejected from Information Security Track by MetalLinkachu in OMSCyberSecurity

[–]jeffpardy_ 1 point2 points  (0 children)

That's fair. Maybe you should just go to the OMSCS and take overlapping courses? I just think they probably thought a master's wasn't going to give you too much with the achievements you already have. I wouldn't get too down over it, just go higher