noUsernamesLef7

joined 1 year ago
[–] noUsernamesLef7@infosec.pub 1 points 9 months ago (1 children)

You make it sound as if it's a thing of the past when it is still a common problem.

[–] noUsernamesLef7@infosec.pub 1 points 9 months ago (3 children)

And yet injection is still #3 in the OWASP Top 10

[–] noUsernamesLef7@infosec.pub 2 points 9 months ago

I set up Netbox recently at work to try and improve the abysmal documentation situation. I use an Ansible playbook to provision and set up the server, then copy a docker compose file and start the containers. So far I'm loving Netbox, I just wish my predecessors had documented things from the start.

[–] noUsernamesLef7@infosec.pub 3 points 9 months ago

Namecheap + the dynamic DNS client in pfSense. No issues sinve I set it up years ago.

Before that it was a cron job that updated through the google domains api.

[–] noUsernamesLef7@infosec.pub 3 points 9 months ago

Da Archive maybe? Most of my stuff has come from there.

[–] noUsernamesLef7@infosec.pub 5 points 9 months ago (1 children)

I recently set up and started using MediaTracker for this purpose. It's kind of barebones, but functional. Seems like its biggest difference with movary is that it also covers TV, ebooks, audiobooks, and games.

I have a little section for movies and books on my website and i've been working on a script to automatically pull those lists and reviews from MediaTrackers api each time I build my site.

[–] noUsernamesLef7@infosec.pub 5 points 9 months ago

Stay suspicious. As a security guy, i'd way rather respond to 1,000 false positive reports than have an employee that doesn't think about it and just clicks.

[–] noUsernamesLef7@infosec.pub 4 points 9 months ago

It is a great step but it's rare to have enough buy in from upper managent to enforce any real consequences for repeat offenders. I've seen good initial results from this kind of phishing testing, but the repeat offenders never seem to change their habits and your click rate quickly plateaus.

[–] noUsernamesLef7@infosec.pub 3 points 9 months ago

Thanks! This is actually exactly what I have been basing my efforts on so far, it's just sobering to look at how far away we are from completing implementation group 1.

[–] noUsernamesLef7@infosec.pub 1 points 9 months ago (2 children)

I just started my first official cybersecurity position at a medium size company in an industry that is currently being heavily targeted with ransomware.

I'm starting pretty much from scratch as they have not had a dedicated security role in over a year and my predecessor didn't make much progress. So far i've been focused on inventory lists, policies, and procedures for hardware, software, and data. I think we're doing okay with minimizing stuff thats internet facing and patching is in a good place (well, at least with the devices and os's that are still supported).

Any suggestions on where to go from there or what to prioritize?

[–] noUsernamesLef7@infosec.pub 1 points 9 months ago

I'm studying for CCSP right now. It's fairly general and tries to be vendor neutral but Architecture is one of the knowledge domains on the exam. Might be worth it if you meet the work requirements or experience waiver requirements.

A lot of people also seem to conflate it with the CISSP when it comes up in conversation I've noticed.

[–] noUsernamesLef7@infosec.pub 7 points 9 months ago (1 children)

Curation is my answer. Return to the old ways of curating your own lists of resources and sharing them with other people. Web rings, blog rolls, link sharing, RSS

view more: next ›