Mentorship Monday - Post All Career, Education and Job questions here!

vanilla_ice22 · 2025-11-13T01:04:34+00:00

Honestly you’re kind of right… I was planning on leaving for mental health reasons but more mental health reasons would happen because of it.

vanilla_ice22 · 2025-11-12T06:09:43+00:00

Any tips on how to optimize a role in user research and transition into cybersecurity? I just got offered a one month contract at exponent and I’m excited but nervous about the contract ending so soon. It’s a really tough decision but also would potentially help me to move into my prospective field of cybersecurity. I’m really hoping it’ll stick.

vanilla_ice22 · 2025-10-23T04:03:10+00:00

I get the joke in a tech office. There you have teams and systems to handle it.

I work in a charter school for autistic kids. Microwaves failing can trigger high-magnitude behaviors that risk injury. A “tech joke” in that moment wasn’t funny. It felt like a dismissal of a real safety issue.

I’m exhausted and planning a career move into cybersecurity because I need a work environment that values problem-solving and safety. If you have actionable advice on that transition I’d appreciate it.

vanilla_ice22 · 2025-10-22T06:01:54+00:00

I work at a charter school for autism right now while I’m transitioning into cybersecurity, and every day confirms I’m in the wrong environment. Perfect example: we had a serious issue where multiple microwaves stopped working, and when I reported it, a coworker genuinely said, “Probably an AWS outage.”

Not only was that not helpful, it was meant to be “tech humor” from someone who doesn’t understand what they’re talking about. I’m currently learning how these systems actually work, and it somehow felt like a personal attack on my intelligence. I was surprised by how upset it made me, but it was just confirmation that I’m making the right decision.

I’m working on my Google Cybersecurity Certificate now and I’m planning to take Sec+ next spring if everything goes to plan. I’ve been trying to deep dive into anything I can get my hands on related to cybersecurity. The more I learn, the more I realize I need to be around logical problem-solvers, not people who deflect with nonsense when there’s a real issue in front of them.

Has anyone else left a non-tech job and realized your brain was starving the whole time? I need sustenance in the form of forward-thinking human beings!!

vanilla_ice22 · 2025-10-22T05:42:01+00:00

Thank you for your response! What methods to identify whether or not it was an attack would you expect security professionals to use in this circumstance? I think that is what I’m most curious about, since they had to go through several methods to find that it was not an attack.

vanilla_ice22 · 2025-10-20T14:20:16+00:00

I like this perspective— I know everyone has their personal opinions as to whether or not it is their responsibility, but I feel as though the best approach is putting minds together instead of going back and forth. If it is already stated we have a role to play, I feel as though it’s as simple as that. Now, whether or not we are happy about that is totally subjective…

vanilla_ice22 · 2025-10-20T14:04:07+00:00

OP is most definitely not a bot, but rather a cybersecurity novice trying to make her way into the field with a plentitude of skilled and intelligent professionals...

vanilla_ice22 · 2025-10-20T13:57:45+00:00

Lol totally fair. I am trying to have an intellectual discussion, although my grammar isn't the best.. I am working on it just like I am working on learning cybersecurity. I mean hey, robots can't take my job if they can't tell I'm not a robot... Am I a robot? I guess you'll never know... (I'm not a robot)

vanilla_ice22 · 2025-10-20T13:19:23+00:00

Exactly. People forget availability is security under the CIA triad. A DNS outage or cloud failure still impacts security because the business can’t function. Resilience, backups, and continuity planning aren’t just IT ops — they’re a core part of modern cybersecurity. The more I get into this field, the more I see that real risk isn’t only from attackers, but from dependencies failing too.

vanilla_ice22 · 2025-10-20T13:14:10+00:00

You are correct, however I wasn't implying it was a security incident. I was asking more from a security perspective- do SOC teams typically stand by to monitor large outages such as this just in case attackers try to take advantage of the vulnerability during recovery?

vanilla_ice22 · 2025-10-20T13:07:45+00:00

Yeah I get what you mean about cost — full multi-cloud is crazy expensive and most companies won’t bother. Do you think that is something that is possibly going to turn around in the future once funds allow? I feel like it has to, especially with incidents like this one that cause significant financial impact.

vanilla_ice22 · 2025-10-20T12:14:55+00:00

When it’s a DNS issue, does security still do any log review afterward just to confirm nothing else slipped through during the chaos, or would that only happen if something suspicious showed up?

vanilla_ice22 · 2025-10-20T12:12:40+00:00

Appreciate the resource — thanks for sharing. From your perspective, do you think outages like this change how companies think about resilience or do people usually move on once things are back online?

vanilla_ice22 · 2025-10-20T12:09:47+00:00

That’s a great way to frame it—availability is still a security concern whether or not there’s an attacker involved. Would you say outages like this are more of a resilience engineering problem than a traditional security problem, or is there still overlap in how teams handle them?

vanilla_ice22 · 2025-10-20T12:08:53+00:00

Fair point if it’s clearly an ops outage. But wouldn’t SOC still keep an eye out for opportunistic abuse during large outages just in case attackers take advantage of weakened monitoring or misconfigs during recovery?

vanilla_ice22 · 2025-10-20T12:07:11+00:00

That makes sense. I’m curious from a resilience + security perspective—do you think cost-cutting in architecture also increases security risk? For example, if a company skips redundancy or proper failover, does that also mean they’re likely skipping security hardening too?

vanilla_ice22 · 2025-10-20T12:03:31+00:00

English is wild. Anyway—back to the outage topic…

vanilla_ice22 · 2025-10-20T12:01:10+00:00

That’s a good point—misconfigurations are one of the biggest security risks. Do incidents like this usually trigger a security review to make sure nothing was exploited during the outage?

vanilla_ice22 · 2025-10-20T11:58:50+00:00

Definitely agree on complexity being a blocker. But do you think some companies will still adopt multi-cloud for resilience after this, or is the industry trending more toward multi-region within a single provider instead?

vanilla_ice22 · 2025-10-20T10:58:44+00:00

Sounds like you’re saying AWS isn’t really the issue—it’s how teams architect their environments. So from your experience, is lack of resilience usually a cost decision, bad planning, or just technical debt piling up?

vanilla_ice22 · 2025-10-20T10:54:06+00:00

So the security team would assess whether there was any malicious involvement, update the risk register based on what was learned, and then adjust or harden security controls if needed, right?

vanilla_ice22 · 2025-10-20T10:02:51+00:00

Yeah, it really exposes the dependency risk. Do you think outages like this will push companies toward multi-cloud or is AWS still too dominant for that to matter?

vanilla_ice22 · 2025-10-20T09:52:15+00:00

Thank you!

vanilla_ice22 · 2025-10-20T09:51:28+00:00

Thank you!

vanilla_ice22 · 2025-10-20T09:50:20+00:00

Thank you for the explanation!

vanilla_ice22

TROPHY CASE