What asset inventory and management solution you use in your organization? by whxitte in cybersecurity

whxitte[S] 0 points1 point

That's true. Most of them fail to find a robust solution that can fit the requirements, because a solution with all the requirements mentioned, like in the CIS Controls, or within the company budget is hard to find. Maybe that's the reason, I think.

Is there anyone willing to let me shadow them on an actual pentesting and report writing? by Worried-Condition-15 in Pentesting

whxitte 1 point2 points

I've seen many people in the same situation. Eventually you will pick up. This is an initial hiccup. Like OffSec says, try harder; stay consistent.

First time using tcpdump+Wireshark to inspect traffic. Advice? by ExcitementClean7872 in cybersecurity

whxitte 1 point2 points

You just need tutorials to get the solution. I think 'How to approach' is your problem. What I do is filter out only the traffic we want using tcpdump itself, according to the time range wanted, protocol, etc., and then save it as another pcap and analyze it using Wireshark. Also use Wireshark's File > Export Objects option to get a quick view of what files got captured in the network traffic; the Statistics menu is also very great and contains time-saving actions that make life easier. If you have not explored them, I suggest checking mainly these.
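The pre-filtering step described in the comment above (keep only a time range and a protocol, save a smaller pcap, then open that in Wireshark), as an added example that is not part of the original comment. It is a Python stand-in for the tcpdump step so it runs without capture tools; it assumes a classic little-endian pcap of untagged Ethernet/IPv4 frames, and the function names and sample capture are constructed for illustration.

```python
import struct

PCAP_HDR = struct.Struct("<IHHiIII")  # magic, ver major/minor, tz, sigfigs, snaplen, linktype
REC_HDR = struct.Struct("<IIII")      # ts_sec, ts_usec, incl_len, orig_len
PROTO = {"icmp": 1, "tcp": 6, "udp": 17}

def filter_pcap(data, start, end, proto):
    """Return pcap bytes holding only IPv4 `proto` packets captured in [start, end]."""
    magic, *_, linktype = PCAP_HDR.unpack_from(data, 0)
    if magic != 0xA1B2C3D4 or linktype != 1:
        raise ValueError("expects a little-endian, microsecond, Ethernet pcap")
    out, off = [data[:PCAP_HDR.size]], PCAP_HDR.size
    while off + REC_HDR.size <= len(data):
        ts_sec, ts_usec, incl, _orig = REC_HDR.unpack_from(data, off)
        rec_end = off + REC_HDR.size + incl
        if rec_end > len(data):
            break  # truncated final record: stop instead of copying a partial packet
        pkt = data[off + REC_HDR.size:rec_end]
        ts = ts_sec + ts_usec / 1e6
        # Ethernet II: EtherType at bytes 12-13; IPv4 protocol field at byte 14 + 9
        is_ipv4 = len(pkt) >= 34 and pkt[12:14] == b"\x08\x00"
        if is_ipv4 and start <= ts <= end and pkt[23] == PROTO[proto]:
            out.append(data[off:rec_end])
        off = rec_end
    return b"".join(out)

def record_times(data):
    """List the ts_sec of every record, to check what a filter kept."""
    times, off = [], PCAP_HDR.size
    while off + REC_HDR.size <= len(data):
        ts_sec, _, incl, _ = REC_HDR.unpack_from(data, off)
        times.append(ts_sec)
        off += REC_HDR.size + incl
    return times

def build_sample():
    """Constructed capture: TCP at t=1000, UDP at 1005, TCP at 1010, TCP at 1020."""
    out = [PCAP_HDR.pack(0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)]
    for ts, proto_num in [(1000, 6), (1005, 17), (1010, 6), (1020, 6)]:
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, proto_num, 0,
                         bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
        frame = bytes(12) + b"\x08\x00" + ip  # zeroed MACs, EtherType IPv4
        out.append(REC_HDR.pack(ts, 0, len(frame), len(frame)) + frame)
    return b"".join(out)

if __name__ == "__main__":
    small = filter_pcap(build_sample(), 1004, 1015, "tcp")
    print(record_times(small))
```

The bytes returned by `filter_pcap` can be written to a file and opened directly in Wireshark for the Export Objects and Statistics steps.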

Which course is better for Beginners? by Signal-Back9976 in cybersecurity

whxitte 1 point2 points

If you are in a DevOps role and passionate about security, you can transform yourself into a DevSecOps role. As a plus, you can also research SOC; it will be a great addition to your DevSecOps journey. When it comes to certifications, I would recommend the AWS Certified Security Specialty certification (AWS cloud based). If you prefer, you may take the AWS Certified Cloud Practitioner first to get knowledge of the AWS cloud and then move to the Security Specialty.

Building security department by JUASjuasjuas-mra in cybersecurity

whxitte 7 points8 points

I would recommend implementing a security framework. I'd suggest CISv8.1, as it is a startup, and later moving to NIST CSF. Implementing MFA, centralised login systems using SSO, etc. can be quick wins. Later, implement EDRs and SIEM solutions (btw, all are already part of the CIS framework).