Dir Basement
@PurgatoryCat
4.2K posts

^(Build|Break|Speak)er$ on #InfoSec #DFIR #TDIR #CloudSec #SecOps. Former #AWS CIRT #FedSec #PurpleTeam #AppSec @DevSecOpsGeer. | Tweets == Mine.

United States. Joined January 2017
592 Following, 736 Followers

BlackRoomSec @blackroomsec
I am as worried about Claude Mythos being tested in a closed-to-the-public exercise by 12 tech companies taking my cybersecurity job now, as I was the Covid vaccine having been tested on 8 mice, and my refusing to take it because of that, and doing the same, then.

Dir Basement @PurgatoryCat
@blackroomsec Cryptographic erasure would destroy the data in an instant - *if* the data was sitting on an already encrypted drive. Requires actually losing the encryption key, and it’s an approved method for data destruction. Furthermore, classified drives also get physically pulverized

BlackRoomSec @blackroomsec
Ok, so, no, this didn't happen. IDC what the record says. First of all just a straight delete on 100 TB would take longer than one evening. And since it was the FBI and they have to comply with CJIS (their creation) and Department of Defense rules minimally they would have to do a one pass zeroization or random character and that definitely wouldn't take one evening. As it contained secret data they most likely had to do a three pass so you're looking at one to two months. It didn't say ransomware which would take seconds, they said delete. Does anyone in the government understand that there are those of us out here that understand technology and can call bullshit on all this, like I just did?

Quoting Disclose.tv @disclosetv:
NEW - FBI record contained in the Epstein Files reveals that the FBI's NYC office was "hacked" in 2023, the night of the Superbowl, erasing some 100TB of data from evidence due to the intrusion.

Dir Basement @PurgatoryCat
@gabsmashh Memes count as Egyptian literature 💁‍♂️🖤

gabsmashh @gabsmashh
every day we stray further from the internet's true purpose

Dir Basement @PurgatoryCat
@EperscEvan @tekbog Most, not all, of Azure is in Terraform. Hope you like eventual consistency failing your applys 🙃

BlackRoomSec @blackroomsec
It's Monday morning, hackers! Let's cyber the hell out of this place! 🥰

Dir Basement @PurgatoryCat
@FrankMcG @CoolEyeNet If you do the math, this is actually cheaper than them being under P2. More of a pain in the ass to buy a separate license under card/PO

Frank McGovern - INACTIVE @FrankMcG
Conditional Access for Azure Service Principals costs $36/yr for each identity? This is completely free on AWS.

Dir Basement @PurgatoryCat
@blackroomsec It is a rare thing in these times, and this industry, to land a job out of desire, not chasing the almighty dollar out of need.

BlackRoomSec @blackroomsec
Good evening everyone, I have a job-related update for you, finally. I have accepted a cybersecurity role in a county District Attorney's office doing exactly what I wanted to do and had set out to do after being laid off in May. If you recall I said I would be taking a step down the ladder as the demands of my former role did not give me the mental space to do the things I love in my spare time. I think I will be a lot happier with this new position and less stressed even though I have admitted in the past I think I was addicted to the stress. Palpatine and my ex female boss gave me a recommendation and for that (and a great many other things), I am in their debt. The DA and their team know my former bosses, very well, and are friendly with them. Now I can help to shape cybersecurity policy which will have a meaningful impact not only for my state but for a number of towns in the county where this is. I start Monday. I already have my lunch packed and my notepad and other items I think I'll need, including questions I have, ready to go. Time to get back to work defending the cyber frontier. I can't frickin wait!😊

Dir Basement @PurgatoryCat
@ogFergieV @blackroomsec I hear you with HM and tech panel together. Seen groupthink on panels get snowed, but having HM and tech apart weed out better & gather different responses. AWS had 3 person max on a session to specifically weed out group think, & back to back as a “pod” - maybe more ideal?

Ferguson Vates @FergusonVates
@PurgatoryCat @blackroomsec We refined our questions to make it nearly impossible to BS. Ten questions and I can tell if someone can do IR or not. I think I'm on the same page as you, but I don't see why HM and tech panel can't be on the same interview; everyone I've recommended in my career has been great.

BlackRoomSec @blackroomsec
Jake is correct here, once again. The 2024 job market is the most idiotic thing I've ever seen in 3 decades of working. Lots are unemployed and can't find jobs. I've been unemployed since May. Jobs are asking for 7 to 8 interviews for entry level roles which is absurd. For Director level positions I've held, the most was 3 with 3 being the CEO. For my last role for the past 5 years at the CISO level, I had two interviews. Second was with firm ownership. My thank you letter to them was my first 6 month action plan which I then implemented to the letter after being hired. If you had a job and were just looking for a change, you can't take off 8 times for one role. Or, rather, the possibility of one role. Recruiters don't know what they're looking for, ask questions which have nothing to do with the role and are ghosting candidates. One asked me for advice on what they should say instead of what they did when I stared at them in horror on one Zoom call, at one point. I also corrected several help wanted ads as what they wrote was impossible and I provided citations. One being a tweet I made once talking about the topic. Sorry, I'm a stickler for this kind of stuff. I'm not saying no one can learn but don't put out misinformation in job advertisements please. Just because you heard a term doesn't mean you comprehend it. And really you shouldn't be hiring for it but that's neither here nor there. With over 150k tech workers laid off in 2023 to now, anyone with adjacent experience to these roles should have eaten up the first 150k of the 750k jobs easily. I've also seen evidence that organizations are being paid to look like they're hiring when they're actually not. I can't prove it though. They call them ghost jobs because they literally don't exist. This is outrageous behavior for an employer giving people false hope during a very stressful time for them which is evil on its face.
But it's okay because job seekers will remember which will only hurt employers who employ these tactics later on down the road.

Quoting Jake Williams @MalwareJake:
Can we PLEASE stop with the "there's 750,000 unfilled cybersecurity jobs in the US?" I don't care what the "official" numbers are because it's certainly not reflective of the job market.

Dir Basement @PurgatoryCat
@Spencer_Gray @J0hnnyXm4s They should be contributing to a team, growing day by day, showing passion and curiosity to improve what they work on. It’s why I usually do interns to juniors as both parties “try” and can measure each other.

Spencer @Spencer_Gray
@J0hnnyXm4s Eh, every other engineering discipline is able to take on juniors and train them up. A Junior shouldn't be leading a team or making big decisions, but they shouldn't be leading a development team either.

Dir Basement @PurgatoryCat
@J0hnnyXm4s I had 2 this summer - one that did these training pre-reqs on their time with the given 3 months before internship start, other did not. Guess who is walking away with a job in their career at their senior graduation 💁‍♂️

Dir Basement @PurgatoryCat
@J0hnnyXm4s Amen. I do interns now as HM - the ones that get hired have 2-3 internships in tech, we bring on as an intern with publicly free online training they can take themselves. The ones that take their own time & passion to learn thrive in internship to make a full time hire offer.

Dir Basement @PurgatoryCat
@ogFergieV @blackroomsec I have done individual, panel interviews, gruesome AWS full day as interviewee and interviewer. Stages are risk mitigation. Not all are necessary. Tune Qs at recruiter and HM for best success and experience as I have learned.

Dir Basement @PurgatoryCat
@ogFergieV @blackroomsec As HM, used to run myself & my boss as only interviews. Had candidates lie on resume, & to my face, on skills. Hire them, only to find when put to work, cannot do. Try to coach, team takes hit, only to fire them. Now my team has interviews behind mine with tech verification.

Dir Basement @PurgatoryCat
@blackroomsec Most security orgs I have dug into in career (gov, FAANG, finserv, startup, VC, healthcare, etc) are always understaffed. <10% the size of org supporting, usually <5%, a mile wide of duties, click ops at most, not scalable. Adding junior body w/ existing pile takes dedication.

Dir Basement @PurgatoryCat
@blackroomsec I still hold belief cyber is not entry. Must cut teeth part time either in personal time, internships, or elsewhere. Colleges are turning out dud candidates; 2023 tech bubble did same to feed into. Always will be a cyber shortage as it’s least funded by businesses. 2 of 2

Dir Basement @PurgatoryCat
@blackroomsec @GeorgeOu I was laid off in dot com bust, survived through 2008 by going gov contracting. As an HM, with my team’s specialized work (cloud only), still hiring and growing as our SaaS grows.

BlackRoomSec @blackroomsec
@GeorgeOu I was slightly affected by the dot com bust but thought the worst was 2008 Great Recession. 2024 is by far the worst. 15 techies I know offline are unemployed for over 9 months, can't find work and they are very talented. Something is very wrong.

Dir Basement @PurgatoryCat
@blackroomsec Be ready for that dept that goes back to VP first to bypass everyone in line - because they can prove X budget will gain Y return on revenue or cut down future ops costs - and leave the rest of you to fight it out. So many years of that in healthcare and feds 😬🥃

BlackRoomSec @blackroomsec
So let's use a simple explanation with two people a few fruits and some candy. We'll use the timeless Alice and Bob. Alice has 12 bananas, 8 oranges and 10 apples. Bob has 15 Twix bars, 28 candy canes and 1 stick of gum. Now let's say that Alice and Bob have to get together to cook a meal using the ingredients they have for the board of directors at their company. In one of the recipes that both Alice and Bob have which are different recipes themselves they each call for one stick of gum however if you look at the list only Bob has the one stick of gum and Alice doesn't have any. In order to get Alice the one stick of gum to do the recipe we have to purchase it. Let's also say that the one stick of gum in this scenario is $10,000.

Alice and Bob go to their bosses who each only have a budget of $2,500 each. Even if we were to combine Alice's and Bob's departments' budgets we still have a $5,000 shortfall. Also keep in mind that if we drain the budget of the two departments there's no money left for anything else and that needs to be considered as well. If those two departments don't generate any more revenue the entire rest of the year nothing can be purchased for them. So now we need to make up the $5,000 remaining from somewhere else. Now let's say that in the warehouse there is a computer that has two Titan class video cards in it worth $3,000 total. If we sell the computer as is with the two video cards we could probably get about $3,500? But we're still $1,500 short. So the vice president calls a meeting with all the department heads and he says that Alice and Bob are short $1,500 assuming two departments' budgets are going to be wiped out and asks where we can make up the rest that we need. Keep in mind the goal is only to get an additional stick of gum but look at all the parameters that are involved in getting it.

All the department heads around the table begin to passionately and vigorously defend their own departments and budgets and say that they have absolutely no way to help get the $1,500 because they're all running behind and funds are tight. They say things like we have to meet quotas. As an aside whenever I hear that word "quota" it's a death knell for whatever project is on the table. In the fray the marketing director stands up and says well in the spring I have an entire campaign that I'm going to run that costs $2,000 so where are we getting the money for that? So now the situation has become more complex because we still don't have the stick of gum we need for Alice and if we wipe out the two department budgets we still have a $1,500 shortfall but we also have an additional $2,000 shortfall coming up in the spring. The vice president calls an adjournment to the meeting and asks everyone to go back to their respective departments and come up with ideas in a calm fashion and later that day there's a knock on his door and someone says that Bob, in a spontaneous act of generosity, has given out all his candy canes to everyone he works with and they have eaten them. 😳 So now we're looking at a $1,500 shortfall for the recipe that Alice and Bob were going to collaborate on plus missing the one stick of gum and we also need to come up with $2,000 for the marketing department and 28 more candy canes.

Copy everything I wrote above this, paste it into ChatGPT and ask it for ideas on how to solve this problem and where to find money. I take my situations at work and I change them into scenarios like this so I'm not leaking any private data and I ask it to help me. I'll say please make a decision tree for the vice president and a bulleted list of ideas on how to generate more income streams in the short term.

Quoting 𝕎00t @wmertens:
@blackroomsec @jcrichman Ooh sounds cool, how do you prompt something like that? Looks like you're 10x-ing yourself with AI 👍

gabsmashh @gabsmashh
Hey all! One of my former coworkers is looking for a new role. He is open to a variety of types of positions, and his specific experience is:
- 5 yrs AWS (Infrastructure, EC2, Security Hub, networking, S3, security groups, VPN, cross-account communication, IAM policies, etc.)
- 8 yrs Linux admin
- BASH scripting
- 2 yrs Terraform
- 3 yrs Ansible
- 6 yrs healthcare experience (PII, PHI security experience with laws across the world)
- Vulnerability management
He's super talented and one of the most hardworking people I know, so please post here with any openings you may have or know of! He's located in northern NY state, and is open to remote work.