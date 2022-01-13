
 
(NBC Washington) And the number one job in the United States is .... *drum roll* ... INFORMATION SECURITY ANALYST. So if you know how to count proxies, this is your time to shine (nbcwashington.com)
BumpInTheNight [TotalFark] [OhFark]
1 hour ago
It's a tough job, first you have to figure out how to use RSS to subscribe to a bunch of security bulletin sites, don't worry about relevance to your company's systems though, just mass them all and subscribe to every email distro for the same.

Then here's the part to use your time wisely: Set up a forwarding rule in Outlook that sends them to all the company's IT managers. Doesn't matter what time of day, doesn't matter if the vulnerability disclosure has nothing to do with stuff the IT people run either. If you can keep them flowing at odd hours you will look like even more of a hero, you might need to use an advanced language like Python to pull that part off.

If you can figure all that out, you have a bright future ahead of you as an Information Security Analyst!
 
AlgaeRancher [TotalFark] [OhFark]
53 minutes ago
Just remember your network is as good as its weakest link, which may be a smart coffeemaker or dryer at this point.
 
Pocket Ninja [TotalFark] [OhFark]
48 minutes ago

AlgaeRancher: Just remember your network is as good as its weakest link, which may be a smart coffeemaker or dryer at this point.


I'm pretty sure it's Doug in marketing.
 
NathanAllen
25 minutes ago
I've always wondered why systems IT looks down on those of us who code and query? I mean we're the ones who tell them they're not doing their job right, isn't that being helpful?
 
ClavellBCMI [TotalFark] [OhFark]
24 minutes ago

AlgaeRancher: Just remember your network is as good as its weakest link, which may be any of your network's users a smart coffeemaker or dryer at this point.


FTFY.
 
tommyl66
23 minutes ago
Your information is not secure. Maybe try talking to it and let it know you'll always love and support it no matter what choices it makes.
 
BumpInTheNight [TotalFark] [OhFark]
23 minutes ago

Pocket Ninja: AlgaeRancher: Just remember your network is as good as its weakest link, which may be a smart coffeemaker or dryer at this point.

I'm pretty sure it's Doug in marketing.


You're damn right he is! That guy had the nerve to ask if it was okay to plug in an unauthorized USB mouse he got from Amazon last year so I sent him PDFs of the list of NIST standards and simply asked him to document how it meets all 1300 of them and he's never responded. I mean how hard is it to invent and then fill out an 800-row test case Excel sheet for a couple standards and describe how his device meets them? I swear he's going to get us pwned.
 
KidKorporate
22 minutes ago

Pocket Ninja: AlgaeRancher: Just remember your network is as good as its weakest link, which may be a smart coffeemaker or dryer at this point.

I'm pretty sure it's Doug in marketing.


Pre-approved? How can I lose!?
 
thehellisthis
16 minutes ago
I think there's a rule that the dumbest person in IT is crowned security analyst.
 
ryebread [TotalFark] [OhFark]
16 minutes ago
Cybersecurity has a zero percent unemployment rate and millions of unfilled jobs, and it has for years.

It's a good gig. I wouldn't recommend it being your first IT job, but if you've got some sysadmin/net admin/programming experience and find security interesting enough to read up on, there's a job out there with your name on it.
 
WhackingDay
15 minutes ago
Currently an Information Security Engineer. Missed it by that much.
 
AstroJesus
15 minutes ago
Or Information Security Analrapist.
 
sitesmithscott
14 minutes ago
Monitoring vulnerabilities is easy. Having the staff and budget to maintain, patch constantly, and upgrade is the hard part. My good enough and owner's good enough are very different.
 
berylman [recently expired TotalFark]
13 minutes ago
Psssh. This lists only above board jobs. Did you know you can make $187k training wombats in underwater combat for the Moldavian government?
 
moto-geek
13 minutes ago

AstroJesus: Or Information Security Analrapist.


No, those guys only work on the back end.
 
WhackingDay
11 minutes ago

sitesmithscott: Monitoring vulnerabilities is easy. Having the staff and budget to maintain, patch constantly, and upgrade is the hard part. My good enough and owner's good enough are very different.


Hahaha.. patch constantly, that's a good one.

/checks the cron jobs on the critical RHEL 5.6 automation server
 
mikalmd
10 minutes ago
I thought proxies were a bunch of blondes ..
 
ClavellBCMI [TotalFark] [OhFark]
8 minutes ago

mikalmd: I thought proxies were a bunch of blondes ..


Show us on this doll where the seven doxxies touched you...
 
CarnySaur [recently expired TotalFark]
6 minutes ago
It's easy:
1. Install CrowdStrike
2. CrowdStrike stops everything from working
3. Blame everybody else
 
ryebread [TotalFark] [OhFark]
3 minutes ago

WhackingDay: sitesmithscott: Monitoring vulnerabilities is easy. Having the staff and budget to maintain, patch constantly, and upgrade is the hard part. My good enough and owner's good enough are very different.

Hahaha.. patch constantly, that's a good one.

/checks the cron jobs on the critical RHEL 5.6 automation server


I think we're averaging somewhere around 5-7 days from release to installation in prod for our IT systems. It is possible, but good luck getting buy-in for that without regulatory pressure.
 
Bennie Crabtree
3 minutes ago
Epidemiologist, nurse practitioner, hospital orderly, respiratory therapist, N95 mask maker?

Nope fark that, we need to protect Bitcoin.

What really blows my mind is that Americans are not outsourcing ISA jobs to a cheaper country with equivalent h@xx0r skillz, like Canada or New Zealand.
 
BumpInTheNight [TotalFark] [OhFark]
2 minutes ago
Oh, I forgot: the most important part about being an Information Security Analyst is to get good at reading the web pages that Nessus makes. You have to get a little into the weeds here though, but I've got a cheat sheet to help you get started:
Green = Okay, but you still want a report explaining why it's okay from the system owner.
Yellow = Make everyone drop everything and fix it.
Red = Make everyone drop everything and fix it.

/honestly though, Nessus is a great little tool, just run one yourself and don't let the ITS people near it
//and FFS why do Brocades still have Telnet daemons you can't even disable
 
palelizard
2 minutes ago

BumpInTheNight: Pocket Ninja: AlgaeRancher: Just remember your network is as good as its weakest link, which may be a smart coffeemaker or dryer at this point.

I'm pretty sure it's Doug in marketing.

You're damn right he is! That guy had the nerve to ask if it was okay to plug in an unauthorized USB mouse he got from Amazon last year so I sent him PDFs of the list of NIST standards and simply asked him to document how it meets all 1300 of them and he's never responded. I mean how hard is it to invent and then fill out an 800-row test case Excel sheet for a couple standards and describe how his device meets them? I swear he's going to get us pwned.


At least he asked you. I once caught him trying to install some RAM chips he brought from home because "my computer isn't fast enough". Farking Doug.
 
