|
Some people hire folks who only know what you can learn at school, and then teach them on the job. Dozens, perhaps hundreds of new grads get jobs this way every year.
|
#
?
Dec 8, 2016 23:19
|
|
|
|
| # ? May 7, 2024 11:21 |
|
|
Hey I'd be happy with a new grad. Just not a mid 30s loving certification whore who hasn't worked for anything that didn't end in "group" and who believes that powerpoints are the best form of communication.
|
|
#
?
Dec 8, 2016 23:25
|
|
|
Mustache Ride posted:Mostly consulting groups it seems. What a waste of time the past 2 interviews have been. What type of security are you hiring for. I could help you with some questions I would ask for those positions.
|
|
#
?
Dec 8, 2016 23:37
|
|
|
I was hiring a developer and he boasted about having developed some application to track malware and security incidents at his company. When it came to authentication he told me he just stored the credentials in the database so I asked him how he stored them. He had no idea. These people exist. My suspicion was that he did this in Microsoft Access as that was a skill he left on his resume.
|
|
#
?
Dec 8, 2016 23:38
|
|
|
Internet Explorer posted:People who still buy IBM. To be fair to IBM, qRadar with Watson is rad as poo poo.
|
|
#
?
Dec 9, 2016 04:43
|
|
|
psydude posted:To be fair to IBM, qRadar with Watson is rad as poo poo. Hmm what the hell is that *googles* "Cybersecurity in the cognitive era: Priming your digital immune system" *closes tab*
|
|
#
?
Dec 9, 2016 05:39
|
|
|
psydude posted:To be fair to IBM, qRadar with Watson is rad as poo poo. Have you had to do your own Watson integration or have you only used ibm provided tools? Just curious.
|
|
#
?
Dec 9, 2016 05:56
|
|
|
Mustache Ride posted:Hey I'd be happy with a new grad. Just not a mid 30s loving certification whore who hasn't worked for anything that didn't end in "group" and who believes that powerpoints are the best form of communication. As a mechanical engineer PowerPoint is the accepted form of communication though. I hated it so much.
|
|
#
?
Dec 9, 2016 14:05
|
|
|
hobbesmaster posted:Hmm what the hell is that Looking past the marketing bullshit, it uses the Watson API to perform anomaly-based detection and map out activity in a visual overlay. Trabisnikof posted:Have you had to do your own Watson integration or have you only used ibm provided tools? Just curious. I've only played around with the beta.
|
|
#
?
Dec 9, 2016 15:06
|
|
|
Antivirus lol https://nation.state.actor/mcafee.html discuss
|
|
#
?
Dec 13, 2016 20:58
|
|
|
just think of all the users with a linux server as their desktop who were saved from malware thanks to mcafee, though
|
|
#
?
Dec 13, 2016 21:05
|
|
|
I like my vShield agentless AV... works pretty well and doesn't seem to get in the way.
|
|
#
?
Dec 13, 2016 21:06
|
|
|
Internet Explorer posted:I like my vShield agentless AV... works pretty well and doesn't seem to get in the way. Don't.
|
|
#
?
Dec 13, 2016 21:06
|
|
|
I really hope vmware was smart enough so whatever service being passed arbitrary data through the vshield api doesn't have root privileges on the host like all almost every other conventional AV engine. That would be a hell of a way to get your infrastructure owned.
|
|
#
?
Dec 13, 2016 22:07
|
|
|
I'm not aware of any history of vShield exploits. I did a quick look and I see one from 2012 that seems rather benign. I know AV is a bit of a joke, but what do you guys do in your environment? No AV across the board? Not even for using-facing systems? I find that hard to believe.
|
|
#
?
Dec 13, 2016 22:10
|
|
|
Internet Explorer posted:I'm not aware of any history of vShield exploits. I did a quick look and I see one from 2012 that seems rather benign. We use Windows Defender in my organization for AV because we see no point in purchasing anything beyond what we can get cheaper through Microsoft. To help us out, we use FireEye HX to conduct investigations whenever poo poo goes awry. With a few clicks, I can dump RAM, pull data from disk, and get a tonne of artifacts that would otherwise disappear into the ether. It's not protection; it's to tell us how hosed we got. AV is garbage.
|
|
#
?
Dec 13, 2016 22:15
|
|
|
Internet Explorer posted:I'm not aware of any history of vShield exploits. I did a quick look and I see one from 2012 that seems rather benign.
|
|
#
?
Dec 13, 2016 22:15
|
|
|
Internet Explorer posted:I know AV is a bit of a joke, but what do you guys do in your environment? No AV across the board? Not even for using-facing systems? I find that hard to believe. That was the setup at my previous, large, actively-attacked employer.
|
|
#
?
Dec 13, 2016 22:27
|
|
|
We run SourceFire/AMP for Endpoints. We're a Cisco shop so we eat our own dogfood. We've had a couple false positives but also catch a fair amount of nasty poo poo. That and common sense. Common sense is the real antivirus.
|
|
#
?
Dec 13, 2016 22:34
|
|
|
Also internal segmentation, like requiring 2FA to transit from the corp network to development servers. That came in after someone burned a zero-day to target some of our developers, back when humans still ran Java.
|
|
#
?
Dec 13, 2016 22:41
|
|
|
hostile attacker someone or good red team someone
|
|
#
?
Dec 13, 2016 22:46
|
|
|
Subjunctive posted:Also internal segmentation, like requiring 2FA to transit from the corp network to development servers. That came in after someone burned a zero-day to target some of our developers, back when humans still ran Java. Also 802.1x so when Jim Dipshit comes to work with their lovely Acer laptop running Windows Vista Home so they can watch Netflix they'll find themselves unable to get on the LAN because without being able to join the domain they'll never get a certificate.
|
|
#
?
Dec 13, 2016 22:47
|
|
|
Kazinsal posted:That and common sense. Common sense is the real antivirus. No, no it is not. Please stop saying this everyone.
|
|
#
?
Dec 13, 2016 22:49
|
|
|
Wiggly Wayne DDS posted:hostile attacker someone or good red team someone Not a red team. There was a forensics festival, my whole team was invited. (They were targeting my team specifically.)
|
|
#
?
Dec 13, 2016 22:50
|
|
|
Internet Explorer posted:I know AV is a bit of a joke, but what do you guys do in your environment? No AV across the board? Not even for using-facing systems? I find that hard to believe. Mcafee 
|
|
#
?
Dec 13, 2016 23:24
|
|
|
BangersInMyKnickers posted:No, no it is not. Please stop saying this everyone. Yes, it is. The problem is the scarcity of common sense.
|
|
#
?
Dec 14, 2016 00:57
|
|
|
RFC2324 posted:Yes, it is. Common sense says, if the error message is asking me to call someone it must be really loving serious and I better do what it says
|
|
#
?
Dec 14, 2016 01:06
|
|
|
Common sense says you tell your users to always, always call IT for support, and make sure that number is routed to a human 24/7.
|
|
#
?
Dec 14, 2016 01:08
|
|
|
Oh, tell my users to do something? Problem solved then!
|
|
#
?
Dec 14, 2016 01:13
|
|
|
RFC2324 posted:Yes, it is. Nothing Bad Will Every Happen Because I Live In A Vacuum [Everyone Is Dead]
|
|
#
?
Dec 14, 2016 01:17
|
|
|
Internet Explorer posted:Oh, tell my users to do something? Problem solved then! It may not be sufficient, but it's a good idea.
|
|
#
?
Dec 14, 2016 01:27
|
|
|
Trabisnikof posted:Common sense says, if the error message is asking me to call someone it must be really loving serious and I better do what it says Common sense says to call someone you trust instead of a random phone number.
|
|
#
?
Dec 14, 2016 01:32
|
|
|
Relying on common sense is as dumb as relying on AV, even the best people make mistakes. Common sense helps, but it's no replacement for secure by default systems.
|
|
#
?
Dec 14, 2016 01:40
|
|
|
apseudonym posted:Relying on common sense is as dumb as relying on AV, even the best people make mistakes. I'll write a book on herding cats if this were to ever work.
|
|
#
?
Dec 14, 2016 01:41
|
|
|
apseudonym posted:Relying on common sense is as dumb as relying on AV, even the best people make mistakes. Defense in depth is a thing.
|
|
#
?
Dec 14, 2016 01:44
|
|
|
OSI bean dip posted:I'll write a book on herding cats if this were to ever work. Systems are markedly better than they used to be (but still a long way to go), people remain as prone to loving up as ever.
|
|
#
?
Dec 14, 2016 01:45
|
|
|
RFC2324 posted:Defense in depth is a thing. Sure, but if I'm doing an internal audit or a risk analysis I can only include systems and solutions that are predictable in nature. People exercising common sense or following process would not be one of them.
|
|
#
?
Dec 14, 2016 01:46
|
|
|
flosofl posted:Sure, but if I'm doing an internal audit or a risk analysis I can only include systems and solutions that are predictable in nature. People exercising common sense or following process would not be one of them. Your risk analysis has to ignore people, as a class?
|
|
#
?
Dec 14, 2016 01:50
|
|
|
Subjunctive posted:Your risk analysis has to ignore people, as a class? Well, no. But I'm concerned with stopping them from being self-destructive idiots, not factoring them in as a layer of security.
|
|
#
?
Dec 14, 2016 01:53
|
|
|
|
| # ? May 7, 2024 11:21 |
|
|
flosofl posted:Well, no. But I'm concerned with stopping them from being self-destructive idiots, not factoring them in as a layer of security. I don't think you can remove them completely as a layer, they're still a (failable) part of any reasonable model.
|
|
#
?
Dec 14, 2016 01:56
|
|