Infosec researcher | writes @ https://shellsharks.com
Mastodon: @shellsharks@infosec.exchange
Never heard of 'em. I'd say most of those things, while not necessarily "scams", are probably not worth the time you would put into them. That said, if you have free time and they pay, then it is what it is. If you go down that path, make sure to report back!
Big consulting firms (e.g. Accenture) and the like. Government jobs too if you're close to where those are. Outside that, it's very random which companies have such openings. The bigger the company the more likely it would have a higher diversity of roles and seniority openings.
Omg. I too have developed an "affinity" for coffee as of late. Have been thinking of cutting back. There's always tomorrow right?
Y'all doin' cool stuff. Rust, K8s, GH automation - 💪 @CodeGameEat@lemmy.world @MigratingtoLemmy@lemmy.world @thadah@lemmy.world
Pretty much everyone recommends this https://www.professormesser.com
Don't know if this counts for what you were looking for but bluetooth headphones are a game changer for me. Cleaning around the house, at the gym, on a run, etc... Very freeing compared to having the wire running into my pocket.
What do you mean?
What are you trying to do with it?
Meow 😸
Had not heard of this. Got some reading to do 👍
Good luck getting those new resources/headcount!
CIS Critical Security Controls and/or NIST CSF as frameworks to help put you in the right mindset. But so much of what you should do first depends on some variables imo.
Once you answer these questions then you can get a better idea of where to spend the limited time/money you have. The CSC will likely tell you to tap into an inventory and do some form of Vulnerability Management. This is a decent idea as you need to know what you are trying to protect and also catch low-hanging fruit via vuln scanning. Instrumenting endpoints (EDR) or gaining visibility into your infra is also important but which do you pick first? Crowdstrike is awesome but expensive. No one solution is a silver bullet.
Have a plan, create a reasonable roadmap, figure out your companies risk threshold, ask for more resources depending on what level of risk they're willing to accept and how quickly they want things implemented.
Oh cool. I've been thinking of getting one too. But I already have too many projects and too much work and not enough time 😩 (not that that's ever stopped me from buying stuff before...). Where do you write?
Another part of my Lemmy <--> Mastodon experimentation. The Fediverse is cool but it is also a little confusing 😅
What field is it?
I haven't been looking so I can't speak with first-hand xp. From others accounts on socials it seems like it's kinda rough but everyone has different experiences. Good to hear some potentially optimistic news for a change though so I'll take it.
On one hand, the market is such that it might be too much work / too depressing to passively hunt for a plan B. On the other, it's probably good to have an idea of what a plan B could be...
Im not sure if your situation is "normal", but it may be less rare than you think. Chaos can be a ladder, but it can also result in you just being overworked and making no real progress technically or professionally. Given the situation I would probably just look for what else you can find and jump on anything that seems promising, but in the mean time keep your head down and get your job done and try to make the best of the situation. Do you feel your situation is stable in terms of job security?
I wrote a bit about the pitfall(s) of "Certification Paths" - https://shellsharks.com/notes/2023/11/14/stop-worrying-about-certification-paths.
This is coming from someone who has A LOT of certs, and I've learned over this time that it's just not the right way to think about progressing career-wise. You can read more though about certs and some thoughts on what you could take here too https://shellsharks.com/training-retrospective#what-certification-or-training-should-i-take.