Comment Re:Work/Life balance means Life *is* work (Score 2) 242

Time to find another job. Ever since I left IBM, my work/life balance has been excellent. The first post-Blue job was in a two-man department with myself and a director. His philosophy was: get things done, use all your PTO, and if you need to do something during the day, as long as you weren't scheduled to meet with a partner or client (which was rare for us), do the non-work thing. Now I'm at a Fortune 250 company and they have the same style, except there are 5 and soon to be 6 of us.

Comment Re:how does anyone make money off this? (Score 3, Informative) 116

I support a health care company, and the hacks are often about money. Gain access to an unsecured medical device, then pivot to other internal systems with the goal of getting into the billing records. Exfiltrate patient data, especially the records of minors. A minor's SSN is very valuable, because how many parents check the credit report of their kids? So a bad guy could have years to nearly two decades of access to an SSN that isn't monitored.

Comment Bulletproof SSL and TLS, get it, read it, live it (Score 1, Interesting) 25

I can't recommend enough the book Ivan wrote on SSL and TLS. Bulletproof SSL and TLS gives a very good overview of how SSL and TLS operate, explains some of the attacks used against SSL/TLS, and gives some information on how to configure TLS.

I also find SSL Labs to be a great tool to evaluate vendors' web sites and company-hosted sites.

Submission + - Security training courses?

ageoffri writes: I'm going to be able to take one, maybe two, training courses next year and am starting to figure out what would be a good course to take. While I'm not 100% sold on the concept of certs as the be-all and end-all of demonstrating knowledge and, more importantly, application of that knowledge, if someone else is going to pay for them I figure why not.

Right now I'm leaning towards classes that have certs associated with them since HR drones look for letters. I also wouldn't mind a class that is just fun and interesting even if it isn't directly applicable to what I do currently.

My short list is:

CCSP by Training Camp
SEC503: Intrusion Detection In-Depth by SANS (GPPA cert)
SEC504: Hacker Tools, Techniques, Exploits and Incident Handling (GCIH cert)
SEC550: Active Defense, Offensive Countermeasures and Cyber Deception (no cert)

The first two directly apply to my day-to-day job. The third one just looks like fun, while the last one also sounds fun, but I doubt I'd have much opportunity to put the skills to use.

I'm curious what others here are thinking about for future training and other options to consider.

I already have my CISSP, along with an MS in Information Assurance, so the two obvious choices are finished.

