• 0 Posts
  • 33 Comments
Joined 1 year ago
cake
Cake day: June 15th, 2023

help-circle





  • I just started my first official cybersecurity position at a medium size company in an industry that is currently being heavily targeted with ransomware.

    I’m starting pretty much from scratch as they have not had a dedicated security role in over a year and my predecessor didn’t make much progress. So far i’ve been focused on inventory lists, policies, and procedures for hardware, software, and data. I think we’re doing okay with minimizing stuff thats internet facing and patching is in a good place (well, at least with the devices and os’s that are still supported).

    Any suggestions on where to go from there or what to prioritize?





  • Really depends on your scale and needs, but when we were in the process of transitioning from Ivanti to Intune we had a gap between them. I set up a FOG project server and a couple remote nodes and that worked really well as an interim solution. I actually started using it at home even though I don’t really need imaging too often.






  • If you’re looking at paying for certs I personally would stick with ones from common organizations, like CompTIA, (ISC)^2, SANS, Cisco, etc. I think a lot of the value in the cert (at least for career purposes) comes from the name recognition and trust placed in the organization certifying you. A recruiter looks at a Sec+ credential and knows exactly what that entails, whereas a certification from a lesser known organization or community college doesn’t do much to tell them what you know or have studied.





  • Hey, I have a career question this week! I’ve been a sysadmin for the last 1.5 years (It’s a small shop so everything security related is currently my responsibility). I’ll soon be graduating with a BS in Cybersecurity & Information Assurance. I’m SSCP, CySA+, and PenTest+ certified. I want to end up in a penetration testing role. Once I graduate, should I start looking for pen testing gigs immediately or do you think I ought to get some experience directly in the security industry first? Would getting OSCP help my chances of moving directly to pen testing?