#security (2022-12)

Archive: https://archive.sweetops.com/security/

2022-12-08

Soren Jensen avatar
Soren Jensen

In my quest to get the company ISO27001 certified I have come across a control where I need to document where I’m signed up for Security alerts and updates.. Anyone know of good emailing lists or services updating you on the latest trends in security?

Allan Swanepoel avatar
Allan Swanepoel

This is honestly the most difficult question to answer, as each individual has a feed of their interests, or needs . I started with this list, but I wouldn’t call it extensive- https://blog.feedspot.com/cyber_security_news_rss_feeds/

Top 45 Cyber Security News RSS Feeds

Best Cyber Security News RSS feeds online. Subscribe to your favorite Cyber Security News rss feeds on Feedspot RSS Reader

Soren Jensen avatar
Soren Jensen

I know, I already feel fairly up to date on security news without being subscribed to any news letters.

Soren Jensen avatar
Soren Jensen

Thanks for the link collection, looks good

sheldonh avatar
sheldonh

Setup renovate on your repos and mend if you ha e paid version. Dependabot as well can be useful but less flexible.

Now you’ll get prs for security updates and advisories in github. Other platforms have similar setup. First thing I do in a project/org.

Soren Jensen avatar
Soren Jensen

Sorry Sheldonh I saw your answer and completely agree, we use dependabot

1

2022-12-09

2022-12-13

Joe Perez avatar
Joe Perez

Hello all! I wanted to see if anyone had suggested training for breaking into security. My brother is looking for a career change and is currently looking into a security bootcamp through ASU. The bootcamp is pretty pricey at $15k, but it is a 6 month program. I’m helping him learn git/bash/etc, but I’m probably less efficient at teaching him security related stuff

Soren Jensen avatar
Soren Jensen

Get an acloudguru.com subscription and take courses there.

1
Joe Perez avatar
Joe Perez

I’ll tell him to get started on the “Hundreds of courses. Thousands of labs. Endless possibilities.”

sheldonh avatar
sheldonh

I always tell friends/coworkers don’t “get into security”. Look at the Reddit threads. It’s not common to hire junior security team members and it’s a small small percentage of a company. Do more cloud engineering or SWE work and deep dive into security but don’t think of it as your only thing. Being more well rounded is important and specialization later. More detailed stuff can be found in Reddit and such. Hope that’s semi useful

Joe Perez avatar
Joe Perez

@sheldonh that’s actually a good and fair assessment. I have a similar feeling about “DevOps”. It takes a lot of different technical expertise to get into it, but that doesn’t mean people shouldn’t try or that a path shouldn’t be created for people to get there. I’ll take a look at reddit too and hoping that my brother will find out what really attracts him to security to help guide him. I’ll take a look at the reddit threads too

sheldonh avatar
sheldonh

DevOps is much different imo it stands today in most companies. Junior engineers are fine there. Lots of opportunities.

But you don’t go from zero to “I’ll be responsible for securing your network” or I’ll handle your cross region data replication”.

Personally I think “security engineer” is a more specialist/dying breed in general. I think kost companies only have 1-2 that I’ve worked at.

I think the path is if you’re interested in security, the best path forward should be rounding out your technical understanding in many areas and then specializing in security. Once you have a general knowledge of the field. The key is that the path is not going straight into it but that it’s a possible option as you gain experience.

sheldonh avatar
sheldonh

It’s sort of like somebody saying I want to be a manager out of high school so they go that path thinking I am going to be a VP there’s a path to get there and it requires more low level people management skills and finally broader levels of responsibility.

anyway is a good chat feel free to discard anything you don’t agree with had to think on this a bit lately with multiple people asking me for pointers on which path to take. I kinda feel cloud engineering in genersl is so accessible and specializing later is always an option. Cheers!

1
Joe Perez avatar
Joe Perez

I agree, cloud engineering is the way to go and people want to jump ahead

1
Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
jassics/security-study-plan

Complete Practical Study Plan to become a successful cybersecurity engineer based on roles like Pentest, AppSec, Cloud Security, DevSecOps and so on…

1
1
this1
Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

(via @matt)

Joe Perez avatar
Joe Perez

Thank you Erik!

2022-12-15

2022-12-16

2022-12-21

matt avatar
matt
07:18:08 PM

@matt has joined the channel

    keyboard_arrow_up