|
Martytoof posted:Asked in the IT Cert thread but I'll check here too. Mine came in a few months ago, but I took the exam like two years ago (had to wait on the experience requirement). My boss is working on hers right now.
|
# ¿ Sep 16, 2017 14:55 |
|
|
# ¿ Apr 27, 2024 02:05 |
|
CommieGIR posted:Hell, millions still use plane dictionary words. We had a load balancer get hit like that. Plane dictionary words should be a pretty flat load though. No balancing required.
|
# ¿ Apr 22, 2019 05:18 |
|
Combat Pretzel posted:lolwat At an engagement I did years ago, we warned the client that their 'data center' (maybe 100 physical servers) was in the basement of a large, old building which had had water issues and that the data center had no mitigation or detection for water damage. They said "thanks but that's a hypothetical issue that is unlikely to affect us". Less than a year later there was a fire on another floor. Although there were no sprinklers in the data center, the water from other floors went downhill, flooded their data center, and trashed everything.
|
# ¿ Jan 21, 2020 18:53 |
|
BangersInMyKnickers posted:nah they'll be able to get that expunged since the charges were dismissed I'm sure that will help some, but at a former engagement with a law enforcement client I had to get fingerprinted twice. Why? When I asked the client that, they said it was because they used the wrong code the first time; they meant to use the code that returns full results, including expunged results. Maybe they were just pulling my leg. I hope they were pulling my leg.
|
# ¿ Jan 31, 2020 21:40 |
|
Martytoof posted:I’m sure most orgs will throw that on the biennial patch schedule right away. E: can't spell
|
# ¿ Jun 29, 2020 18:31 |
|
Jeoh posted:what the gently caress is the deal with auditors who want screenshots instead of console output? Poor training or bad instructions from management which they're not willing to push back on, usually.
|
# ¿ May 12, 2021 18:24 |
|
Wanted: 5 years experience implementing version 8 of the CIS controls.
|
# ¿ May 19, 2021 17:14 |
|
navyjack posted:I eventually want to get into GRC and audit Every government audit shop in existence is perpetually trying to hire new auditors and train them up because they inevitably leave for more money within 3-5 years. Most state auditors have IT security audit teams and they are constantly losing people who are poached for internal GRC or IT audit roles at the places being audited. And if you really hate yourself, there's also working for the big 4.
|
# ¿ Jul 29, 2022 20:32 |
|
|
# ¿ Apr 27, 2024 02:05 |
|
Combat Pretzel posted:
It can be! But I don't know how common it is. Most commonly I've seen people just accept documentation like SOC-2 reports, but I have seen some places put a right to audit into their contracts. Either because they want that extra level of assurance regarding their software supply chain or because they are being forced to get that level of assurance (usually by some kind of oversight function that is remembering a giant fuckup.) When I see organizations who don't have that kind of contractual language try to get audits of their vendor-provided IT services, most often the vendor simply ignores them or says no. Unless they're desperate to retain the contract, which sometimes happens depending on the relative sizes of the business units involved and the size of the contract.
|
# ¿ Nov 5, 2023 14:43 |