A request for any security engineers who are Lead/Staff/L6 level or above (e.g. Senior Staff, Principal, Sr. Principal, Architect, etc…). What advice would you give to senior engineers (and below) on things they should learn or prioritize for “leveling up” technically?...
My #1 recommendation is reading staffeng.com/book. There’s so much variance between orgs at this level (or worse, implied during a reorg).
One of the things that book helped me with is understanding the lens others view this level as four separate personas. That unlocked for me that you might be getting advice from people expecting something other than what you’re going after.
Another lens is the product engineering v corp/cloud security world. They can act very differently and you often find these roles straddling 2-3 unique orgs.
Services / customer experience of what your org delivers
Threat modeling mindset: look for the big picture so you can help make sure you can help put emergencies and day to day stuff in context.
Get real feedback from others to put that judgement in perspective. Sometimes they are missing your perspective and other times you are off base!
Just remember there’s a lot of variance in higher level processes. Read the book above, then read 20 job descriptions for these titles. See if you can understand what they really want from the role.
In February, HouseFresh managing editor Gisele Navarro called out publishers like BuzzFeed and Rolling Stone as some of the culprits that publish content about air purifiers despite a lack of expertise — but Google rewards these sites with high rankings all the same. The result is a search results page filled with SEO-first...
Just listened to it again. Highly recommend. The short of it is more searches == more ads == more $. There’s a conflict between a great search experience (landing not on google) versus the time you spend ON Google.
A Texas appeals court has thrown out a five-year prison sentence for Crystal Mason, a Texas woman who was sentenced for trying to cast a provisional ballot in the 2016 presidential election that was rejected....
Current and former inmates announced a lawsuit Tuesday challenging Alabama’s prison labor program as a type of “modern day slavery,” saying prisoners are forced to work for little pay — and sometimes no pay — in jobs that benefit government entities or private companies....
Glad you got diagnosed. There’s a ton of bad management in startups. Especially stay away from managers that grew up in toxic shops.
I’ve always been a strong employee. People get good at pushing buttons. Spent more time in a divorce therapy talking about a manager than the personal issues.
Realized for every boundary problem I had, there were n alienated people on my team that really got hurt hard. Sr. Management fixed the issue
Be good at taking breaks. Be good at looking for new roles before you need them.
Often, the money side that seems big to employees is new house rich. If you aren’t happy, it’s not worth it.
I am currently trying to learn cyber security, specifically pentesting. I also do blue team things now and then, but not too often. I’ve started about 2 years ago with programming in python, later golang. I feel like I am decent in both. However when it comes to pentesting and security in general. It doesn’t feel like I’m...
Read, reproduce, understand. Think of how the programmer was solving a problem and left a problem. They probably didn’t understand the problems. The synthetic challenges are often a skill to themselves.
Re attention span, consider different expectations. Professional product engagements are often 2 ftes/2 weeks. Getting a few good findings out in that time is the goal.
Sometimes they run out of time on a thread they are looking at. Sometimes they pull on a thread only to find out there’s no way from here. Sometimes years later there’s an insight that x could work.
Building up that last skill is what makes you more effective. Find someone to bounce ideas off of that’s in the learning curve with you.
Basically, it’s been five days and I’m unable to even sit in a chair without a struggle. I didn’t go too hard, mainly squats and leg press. I didn’t think it would take this long to recover considering I still run 4 times a week. Is it normal to be this sore and what can I do to help it?...
You mentioned 6-7h of sleep. I suspect you aren’t getting enough sleep and not stretching enough.
You said you went from sedentary to active. Do you have off peak weeks? Did you just start leg days? Is it muscle pain or joint pain? Do you stretch?
Your tendons and joints need time to build up. I suspect you did wide ranges, you’ve not been stretching, and you’ve really put a strain on the muscle ends. Stretch daily and move through your motions.
I went through a similar relearning curve going from cycling -> cycling / yoga -> adding weights
If the stretching activity isn’t there, man the recovery sucks.
I posted this as a comment in another post but when I got done I realized it would probably just be better as its own post. I’m sure I could find the answers I need myself but frankly I trust the userbase here more than most online articles....
Spend your time making sure you are protected against ransomware with good offline backups and able to recover your practice. Keep your payments separate from your comms machine.
Your job is going to have lots of shady things to click on/invoice/etc
Plan for it so a malicious client/infected evidence/mistaken click doesn’t take down your practice.
I’m 25y into this as a technologist and still make mistakes on “oh this will be quick”. Make sure your time sinks are 100% aligned with your business. Think of automation / value and you’ll have the right mindset.
If you find the tech side fascinating, there’s always demand for good tech lawyers and lawyer comms are entryways into technology management.
Federal law and regulations require insurers to hand over exactly this sort of information in response to a written request. And they have to do it fast: Most people who get insurance through an employer should get the records, called claim files, within 30 days....
N letters back and forth then a bill stage where you realize something wasn’t paid for. Then an hour long phone call to start an appeal process asking for more documentation about a test ordered 5 months ago. The denials are handwaves.
Insurance in general is such a nightmare. I’m in the fortunate bucket where I’m well paid and have a decent plan. One kid with chronic conditions. Then the pain of every year being forced to figure out the different game.
I’ve really liked hitbox controllers for Street Fighter 6. I’ve been really happy with how they’ve turned out and they’re a joy to use. If there’s interest I can post the build process/instructions/guide....
Off-Topic Friday
Wanna chat about something non-infosec amongst those of us who frequent /c/cybersecurity? Here’s your chance! (Keep things civil & respectful please)
Request: Guidance from Staff+ Security Engineers
Google Search is getting even worse for independent sites (www.theverge.com)
When a real user uses the app (lemmy.ml)
UltimateGuitar shows a fake tutorial video with the title of the song you're trying to learn. Clicking it just brings you to the sign-up page for their premium subscription. (lemmy.world)
Crystal Mason: Texas woman sentenced to five years over voting error acquitted (www.theguardian.com)
Won the swift student challenge today, I might actually be able to get an internship now 🤞 (pawb.social)
Ned's Atomic Dustbin - Happy (songwhip.com)
Corner desks. They were just everywhere mostly, probably because monitors were so big and heavy (dormi.zone)
Useful apps for guitar?
Hello everyone,...
Lawsuit challenges Alabama inmate labor system as 'modern day slavery' (apnews.com)
How do you deal with a close friend circle becoming toxic ?
I apologize in advance if posts like this are not welcome here....
How to get past theoretical knowledge?
Rosalynn Carter, former first lady and tireless humanitarian who advocated for mental health issues, dies at 96 (www.nbcnews.com)
Still sore 5 days after leg day
Sell Me on Linux
You Have a Right to Know Why a Health Insurer Denied Your Claim. Some Insurers Still Won’t Tell You. (www.propublica.org)
[DISCUSSION: WEEKLY ALBUM CLUB] Courtney Barnett - Sometimes I Sit and Think, and Sometimes I Just Sit (2015) (songwhip.com)
Hey everyone! Welcome to album club week 5!...
I made 2 hitbox controllers from scratch (i.imgur.com)
Interstate Projects (www.al.com)
More years of I-65 construction.