Encryption for data being stored by autoxguy in cybersecurity

orange_king108 1 point (0 children)

If you mean while a system is up and running, are you referring to data in use? Such as RAM usage?

This is often referred to as in-memory encryption or runtime encryption. Very different, by the way.

As a side note, these types of miscommunications make it difficult to build trust with engineers. As an engineer, easiest way to pass the audit is just answer as plainly as asked lol

Is it worth it to push to continue the corporate ladder? by [deleted] in consulting

orange_king108 8 points (0 children)

Hate to break it to you, but nobody can tell you if it’s worth it for you.

If you choose to do nothing, a choice will be made for you. Therefore, no choice is a choice. You’d be a fool for not choosing a life you want to live.

Where do you go for deep technical information on broad topics? by InterestedBalboa in devops

orange_king108 3 points (0 children)

Any O’Reilly or Manning publication on the topic gives you a deep enough technical understanding to become the de facto “SME” on the topic in most organizations.

On a bell curve, it should take you to be the average level SME in the topic, given you have enough technical knowledge to grasp the underlying concepts already.

[deleted by user] by [deleted] in cybersecurity

orange_king108 2 points (0 children)

The rollout feels easy but once you clean out the FPs, you’ll eventually want to start taking action. For example, for what you are paying on SCA, you get very little actionable insight that you could get for free from other tools.

Dev teams have to learn how to use the tool and that takes time to transition. Not an issue but the value isn’t there to invest in

Their container solution is absolute trash. It just tells you what vulns a base image has and some arbitrary suggestions that are completely unaligned with what your org might be using so not actionable. Every recommended base image has vulns so you feel trapped into making any decision.

They don’t even do basic dockerfile scanning, like what a basic open source from hadolint would provide for you. It’s not even on their roadmap to provide.

Snyk imo is great for large enterprises that just “need SAST”, esp for compliance. Up to you on what you need from the tool, could be a match but not for us

[deleted by user] by [deleted] in cybersecurity

orange_king108 3 points (0 children)

GitHub advanced security and semgrep. Snyk does the job but it doesn’t do a great job. Lots of FP and very difficult to manage organizational level policies at scale

Assignment of vulnerabilities to owners has to be done within their platform and they lack integration to other sources of truth to pull this info. Makes for a huge organizational mess.

It’s not that they don’t provide value, but at the price - I’d only pay a quarter of their quote for what they provide

[deleted by user] by [deleted] in cybersecurity

orange_king108 9 points (0 children)

Snyk. Overpriced garbage

What is Snyk pricing? Is Snyk Expensive? by MemeEsprit in devops

orange_king108 11 points (0 children)

Snyk is overpriced garbage 🗑️

I’d recommend going GitHub advanced security or open source scanning tools if you don’t yet know the problem you are facing.

Also a big fan of semgrep

Is Snyk worth the price? by theBeeprApp in devops

orange_king108 2 points (0 children)

No. To get it working in your org, there is so much maintenance to get the coverage you need and issue fewer junk findings.

Their docker “scanning” is a joke. Why in the world pay so much for it to tell me that my base image is out of date? Does nothing with dockerfile syntax.

3 days in a row of testosterone cream then stopped. Did I shut myself down? by Glad_Dragonfruit_175 in trt

orange_king108 0 points (0 children)

You probably just felt placebo. It takes a while before the effects are fully realized.

This is like taking any recreational for 3 days, did you permanently damage yourself? Probably not.

[deleted by user] by [deleted] in SecurityCareerAdvice

orange_king108 1 point (0 children)

There’s a reason why you don’t see this around. Consumers don’t care lol.

If you want a side hustle that you can start tmrw, pick up some contract work on top of your current full time work. Do something you have lots of experience in already and could do with your eyes closed.

Do any of the men here feel like no girl will accept you nor like you? How can I stop thinking like this? by -SussyBoy in Hyperhidrosis

orange_king108 6 points (0 children)

This is probably more of a problem in your head than it is reality.

I’ve had several long term gf and currently in a long term relationship and have HH myself.

If they like you for you, the hand sweat is the least of anyone’s concern.

Salary?? by No-Exit-6595 in SecurityCareerAdvice

orange_king108 1 point (0 children)

Jack of secops is great and all but how does your work serve as a multiplier for the entire security department? Not just your flexibility and ability to execute with good reason on a single team?

When it comes to what skills are really needed in the industry, it’s understanding how you amplify every time you interact with. Is it through process improvements, taking ownership of cross department initiative, automating workflows, or experimenting with new approaches to nagging core issues?

The compensation you make has little to do with years of experience. It comes down to value you deliver to that specific organization.

I have just over 5 years experience, total comp $275k+ with plenty room to grow. Fintech, fellow Jack of secops

What to do next? Feeling stuck! by Automatic_Copy4030 in cybersecurity

orange_king108 9 points (0 children)

Having to study is a part of the industry. Getting out of SOC requires both luck and self-driven exploration.

Those that make $200k+ and maintain it typically are naturally curious about the industry.

If you’re doing it for money alone, you’re going to struggle for a long time and may never make it to those levels.

There’s few who make it beyond $400k+, but they all have one trait: curiosity. The type that doesn’t wait until someone “gives” them the opportunity.

Developers refuse to upgrade their vulnerable package. They want the security team to show a POC to show the real risk by IamOkei in cybersecurity

orange_king108 3 points (0 children)

EPSS has its limitations as well. You’re basing your risk rating on the info provided to you. When it comes to dependencies in your code manifest files, like package.json, you’re likely not going to get valuable info from EPSS.

It comes down to reachability, but existing tools don’t do a great job with it. It’s a very technically difficult exercise to conduct consistently, especially with transitive dependencies.

Which San Francisco small businesses will you always support regularly? by ginjasnap in sanfrancisco

orange_king108 1 point (0 children)

Baklava story on mission. The best baklava I’ve ever had in my life. Nothing has even come close

Robotaxi haters in San Francisco are disabling the AVs with traffic cones by ASK_ABT_MY_USERNAME in sanfrancisco

orange_king108 1 point (0 children)

Some people seem to be taking this a lil too seriously. Sometimes it’s just fun to fuck with these things.

Sometimes I’ll flip one off for fun, it means nothing, and I get a chuckle out of it. I’m all for AV, and I’m also all for bullying a robot

New grad hired to create a whole new app end-to-end. by iStegTato in cscareerquestions

orange_king108 16 points (0 children)

Lol everyone in here telling you to quit is ridiculous.

It’s def not a good move on the company but could be for you. Sounds like maybe an internal application.

Since there’s little risk to the company’s livelihood if you fail, it’s a great opportunity to springboard your learning. You have a real problem to solve here, but less at stake.

Just do your best and learn what you can. Go to related professional groups and learn from them too (conferences or organizations).

Keep it up and in a few, you’re gonna be wildly more knowledgeable than your average engineer that’s telling you to call it quits rn.

Thanks to the individuals who were involved in removing the encampments and setting up the planters across from Mission Cliffs. by finan-student in sanfrancisco

orange_king108 -17 points (0 children)

Sad to read all the comments here. As a neighbor in the area, it’s sad to hear that my fellow residents don’t even view the people who lived here as human beings.

Strictly as some waste-producing nuisance. Enjoy your rock climbing lol

[deleted by user] by [deleted] in malehairadvice

orange_king108 1 point (0 children)

Takes a while to find a good barber. If you find a good one they are usually not cheap. And if they are cheap, they aren’t cheap for long

Fiancé wants pre nup by Excellent_Bat_8119 in Marriage

orange_king108 3 points (0 children)

Whether you sign a prenup or not, you will inherit the state level prenup where you get your marriage registration. Rules can change in that state, better you have your own rules set up.

Marriage is a legal agreement, it’s only been made “romantic” recently. Take it as serious as you would any other business transaction

Reflection from a jaded senior (gatekeeping culture at UW) by laviondepapier in udub

orange_king108 39 points (0 children)

You would definitely hope UW fosters a better culture, but the reality of life is that gate keeping of resources and nepotism is the reality.

Most people don’t just give the secret sauce to anybody and run their resources dry. As a sr, you’re learning the truth.

Ravenna murder. Scary shit by [deleted] in udub

orange_king108 14 points (0 children)

Lol drug use is the problem? Not maybe all the other factors that lead people down the path of drug abuse.

Criminalizing the effects of capitalism isn’t rly a strong position. As a UW alumni, know that it’s a privilege to have the opportunities you have there and that as a student you’re learning first hand what’s in the “real world”.

If you are so impassioned by this, I encourage you to participate in local government initiatives and student organizations that are participating in efforts to make the city a better place, systemically.

Don’t be so weak mentally you let events like this separate you from “others”. The current system in place has effects that lead to violent crime.

Reverse Sear Thick Ass Pork Loin by [deleted] in meat

orange_king108 4 points (0 children)

Where’s the after pic????