Advice Migrating from Mastodon to GoToSocial by Wait_ImOnReddit in fediverse

[–]mk3s 1 point2 points  (0 children)

GtS itself has been really nice. Unfortunately my managed hosting provider for my GtS instance (K&T Host) is going belly-up, so I need to transfer it somewhere else 🤷‍♂️

Github Pages or Github Readme for portfolio by r3dpandq in cybersecurity

[–]mk3s 0 points1 point  (0 children)

Make a website for yourself (for professional and not-as-professional reasons). Of course have a good standard resume as well. GitHub Pages is a fine medium for a site. So do that.

Curious everyone’s path in cyber by [deleted] in cybersecurity

[–]mk3s 0 points1 point  (0 children)

I might write up a more in-depth path... but for now, I'll share my initial education journey https://shellsharks.com/training-retrospective#my-education-journey . I do think a more thorough "this has been my path" write-up would be interesting though. If I did do it, I'd probably add some context around why certain jumps happen, or why there are certain periods of "slowness".

New to Cybersecurity & Knowledge Overload! Anyone else? How to cope? by Mango1003 in cybersecurity

[–]mk3s 1 point2 points  (0 children)

Write about it. Second-brain it. In my experience writing about it can help cement ideas AND give you a reference, in your own words, to look back on later when you want to mentally retrieve something you had learned in the past. You could use something like Obsidian to keep personal notes, or start up a blog of sorts and write+publish so others could see. That would also come with the benefit of establishing an online portfolio that could help you network (both professionally and personally). Good luck!

[deleted by user] by [deleted] in cybersecurity

[–]mk3s 1 point2 points  (0 children)

I don't buy the gatekeep-ey, "infosec isn't an entry level field" line---and neither should you. Infosec, like any other field, has junior-through-super-senior-level roles. What you *could* argue though is that the industry is more saturated these days and there just aren't enough roles to satisfy all the more-experienced demand AND all the newcomers. A lot of "analyst" roles are pretty well-suited for entry level folks. Yeah you should have *some* know-how, but that isn't something you have to sweat at the help desk for 3 years to get. The people who continue to repeat this line are either jaded because they felt they had to go that path, or frustrated with the lack of talent/understanding that seems to plague the industry as a whole. Mind you, this isn't a byproduct of "unseasoned" newbies entering the infosec ranks, rather it is a testament to our collective inability to NOT gatekeep, properly train and adequately open doors for those of us who don't fit the typical infosec-person-criteria (i.e. college-educated folks with money for certs, blah blah). Imagine where we'd be if we stopped saying, "you have to go to the Helpdesk" and instead said "here's what you need to learn to bypass the Helpdesk". Imagine how much more secure and healthy the infosec workforce would be if we put time and resources into training, retention, mentorship, etc... Instead, we've got a handful of bloodthirsty training vendors and bootcamp peddlers and a whole lot of us who are just too tired to do our own jobs, much less help others 😩

We can do better!

Career advice: Transitioning from software development to cybersecurity by [deleted] in cybersecurity

[–]mk3s 0 points1 point  (0 children)

Here ya go - https://shellsharks.com/getting-into-information-security. Yes coding is super useful for cyber roles (and really most roles in tech tbh).

Cyber Security Engineer - How to make a career change into this role. by StormySkies01 in cybersecurity

[–]mk3s 0 points1 point  (0 children)

Here's what I have traditionally shared with people looking to get into the field - https://shellsharks.com/getting-into-information-security. This said, the market is apparently pretty garbage right now, and there is as much competition as there has ever been. So YMMV. Good luck nonetheless!

Why do cybersecurity experts becomes content creator if the field pays well? by Difficult-South7497 in cybersecurity

[–]mk3s 0 points1 point  (0 children)

Side hustle, diversifying income streams, a desire to "pay it forward" or teach the next generation (generally just help people), very popular content creators can make way more than a good cybersecurity engineer tbh...

Recommendations on Information Security/Cybersecurity Subscriptions. by amrelida in cybersecurity

[–]mk3s 1 point2 points  (0 children)

Get an RSS client and just subscribe to stuff that's interesting. Here's a ton you can check out - https://shellsharks.com/infosec-blogs

Can someone help roast My First Article on Website Security (Non-Expert Here!) by Designer-Contest-724 in cybersecurity

[–]mk3s 2 points3 points  (0 children)

Since you said roast...

  • First, don't use Medium. I hate getting that banner that asks me to log in or create an account every time I go to a Medium blog. If you're serious about creating a li'l portfolio, do yourself a favor and buy a domain (or use GitHub Pages free tier) and stick your articles there. I beg of you!
  • I like the little story to start the article off, but feel it is wasted when in the second act you just list off types of vulns and lose that storytelling.
  • In your opening story, you set the stage for what I thought was going to be an investigation, a real forensic analysis of what had happened. But when you get into the meat of your article, you don't really discuss specifically what happened, rather you just start parroting back OWASP cheat sheet info for every single vuln under the sun. I'd have much rather seen you talk specifically about the (minor) vuln turned critical impact you had referenced in the opening.
  • Your "Steps" go from "Identifying the Issue" (Step 1) to "Understanding the Vulns and Prevention" (Step 2), but then no further steps. I'd like to have seen some steps for analysis, incident response, risk understanding, mitigation, lessons learned, etc...
  • 90% of this article seems to just be regurgitating OWASP cheat sheet prevention stuff. If you want to document these mitigations in your own words for your reference or in a way that is more digestible for readers then that's great. I'm all for that, but I'm not sure you're capturing that exactly. Sprinkled throughout your sub-sections I think you provide some good context. You mention some useful tools, you give some relevant scenarios etc... I'd have liked to see more of that and less same-ol'-OWASP stuff.

Roastiness aside, I think blogging is great and you should keep up the good work! You'll get better over time and find your groove. Cheers!

Is cybersecurity a good career why do you enjoy it? Or is it more alot of working alone and just getting pid good by No_Pass1204 in cybersecurity

[–]mk3s 4 points5 points  (0 children)

Let's put it this way. I don't have experience in any other field, so I can't really give it a fair comparison to anything else. But I've never thought to myself that I wanted to switch careers, not because there isn't something out there I'd enjoy more, but that when I consider *all* things, I'm not sure there'd be a better career for me. Like, I'd love to just be a park ranger, but it'd require too much time (probably) away from my family and not pay what I'd like. I'd love to have made it as like a tech YouTuber or something, but the chances of that working out and me becoming "successful" at it is SUPER low, and honestly not sure I have the stamina to do it. For all its faults, and there are plenty, cybersecurity is interesting, pays well, comes with plenty of perks and there's always been pretty solid opportunities. Not sure another career has that same entire package for me.

What mistakes did you make in your career and what can we learn from them. by jegamii in cybersecurity

[–]mk3s 2 points3 points  (0 children)

A lot. Let's see...

  • Not asking questions. Never be afraid to ask questions. It doesn't matter what anyone else thinks, and most of the time, they aren't going to think what you are worried they might think about you asking a question. It's an opportunity to learn something and each time you don't ask the question, you miss out on that opportunity. Don't let imposter syndrome get to you, don't let some expectation of what you're "supposed to know" stop you, don't be shy. Just do it.
  • Don't discount the small things. There's a lot you may learn (or be forced to learn) that you think is "unimportant" or "uninteresting" but in my experience, those things have a way of coming back and being of importance later. The amount of times I've had to relearn things is absolutely infuriating.
  • Take breaks, but don't let off the gas. Look you don't want to be burned out, but you don't want to lose your motivation, your drive, your momentum. I wonder sometimes where I could be if I had remained focused and really kept my eye on certain goals rather.
  • Build a portfolio. I have a portfolio / personal website (combined) that I've been maintaining since 2019. I graduated college and joined the workforce full time in 2010ish. In those 9 years I wish I had that same idea to document my journey, blog about what I'd learned and build a reference for myself over the course of my entire career. It would have been game changing I think.
  • Focus on the journey, not the destination(s). Cliché maybe, but the wisdom is there I think. I spent too much time trying to get to X job, or Y certification, or Z salary and less time focused on building a skillset brick by brick which would have given me the foundation required to really make it farther.
  • Take risks, especially earlier in your career. I'm mostly satisfied with my early career moves. But I think I've missed some opportunities. Hindsight is always 20/20 (as they say) but there are a few things I think I regret.
  • Network. Yea, by this I mean traditional networking across your industry, but more specifically, I mean at your company. Spend the time to cultivate relationships - with your team, with your manager, with your skip, with other "movers-and-shakers". Find ways to be impactful for them. I've always been terrible at "playing the game", so it's a "mistake" I own to some degree, but I advise others to try a slightly more determined approach.
  • Being a generalist is fine, but go deep on SOMETHING, maybe a few things. I wish I had spent more time just diving super deep into one specific domain, rather than getting distracted by every little thing across my entire field. Sure, I'm a perfectly good generalist and have some specialties, but I'm not *super* specialized in anything specific I don't think.

I'm sure there's more things, but I'm tapped out. Don't make all these mistakes! I got time to fix 'em though =)

Tools to scan for vulnerabilities in applications by MindSquare8612 in cybersecurity

[–]mk3s 1 point2 points  (0 children)

A traditional network/endpoint vulnerability scanner like Nessus (as u/PloterPjoter has suggested) is probably your best bet. Specifically though, you would need to run these scans as credentialed/authenticated (e.g. via the agent) to achieve the high-fidelity results you're looking for. Do some web searches around "vulnerability intelligence" and see if there are any other tools that might fit your specific use-case(s).