wop

joined 1 year ago
[–] wop@infosec.pub 2 points 1 month ago

Small follow up - asked about bag recommendations like a month ago and went with the recommendation from Nasan@sopuli.xyz - Mystery Ranch Catalyst 26l - been really happy so far.

[–] wop@infosec.pub 2 points 1 month ago

I'll look into it! Appreciate it, Cheers

20
submitted 1 month ago* (last edited 1 month ago) by wop@infosec.pub to c/cybersecurity@infosec.pub
 

Big or small, we make decisions every day. Rules, policies, processes, templates, etc.

How do you document the process and results of your decision making and track changes?

To give you some background, a lot of departments discuss certain topics every two weeks, but nothing is written down - it takes a lot of time and worse, some decisions change every two weeks.

I've been trying to fight this battle with OneNote atm and was inspired by some software change management frameworks (wild mix of things):

Each decision/problem gets a new page.

  • What is the question/problem?
  • Why is this decision necessary?
  • What are the pros and cons?
  • Which departments need to be involved? What is the scope? (department, site, country, continent, international, etc.)
  • What are the alternatives and consequences of not implementing?
  • plus changelog
  • plus metadata, such as parties involved, who proposed it, dates, etc.

Still a work in progress, but it is a mix of RFC, ADR, and some other frameworks.

How do you handle that?

[–] wop@infosec.pub 2 points 2 months ago

We do. Security/Network > dummy data / files, brainstorming, drafts. Not part of a department-wide process, but rather part of an individual's workflow.

[–] wop@infosec.pub 1 points 2 months ago

Gotcha - makes sense. appreciate it.

[–] wop@infosec.pub 1 points 2 months ago (2 children)

It may be a little late, but do you enjoy cybersecurity? - Chasing ghosts, scrolling through endless lines of logs, fending off threats, responding to incidents in high-stress situations, fighting for budgets, clients and colleagues who just don't care, being the "bad guy" in meetings, and so on.

I've only been there a few months, but there's no light at the end of the tunnel. I'm pretty sure it has something to do with my environment, but I can't see myself doing this for a long time.

[–] wop@infosec.pub 1 points 2 months ago (1 children)

I am pretty sure one of our consultants has this Osprey Comet. Looks decent! Wow, the Technonaut looks more like a travel bag than an everyday carry, and man, 400 bucks? And I thought my Veto Pro Pac was expensive.

[–] wop@infosec.pub 3 points 2 months ago (1 children)

Just ordered the Catalyst 26. Thanks again

[–] wop@infosec.pub 3 points 2 months ago

Those bags are looking great! Having enough space for tools and a big water bottle. Cheers

[–] wop@infosec.pub 2 points 2 months ago

And fairly inexpensive - thanks!

[–] wop@infosec.pub 3 points 2 months ago (9 children)

It seems that I have to drive more often to the office again. Any bag recommendations? What is your favorite brand/ model?

[–] wop@infosec.pub 2 points 7 months ago (2 children)

So, let's assume that you are in an international company and the first and only security person. What are your first steps and projects? It is like really vague, but I'd assume like a SIEM, inventory of the network and all devices, backup situation, maybe even honeypots?

What are your high-prio things that every company should have? Is there even a framework for it?

Feeling kinda lost and I hope you get some guidance in the right direction.

[–] wop@infosec.pub 3 points 8 months ago (1 children)

Testing a few CTF platforms to learn more about pentesting. It is interesting, but the learning curve is quite steep.

view more: next ›