Where are you based? Happy to have a chat -- I run VM for a large tech company and have a lot of openings
>>I’ll tell you a story of when we were developing a product here States-side. We worked with one very gifted development team and we put all of our eggs into that basket. They were doing great work for us but…
I often right click where I want to click then left click out of the right click menu. It solves my subconscious desire to click, and lets my mind accept waiting. Plus, no negative effects, like going to the wrong link…
Might want to fix the Lorem Ipsum on the homepage for mobile towards the bottom :) for example HIPPA Compliance Lorem ipsum dolor sit amet, consectetur adipiscing elit. Nunc quam urna, dignissim nec auctor in, mattis…
A combo of in house tools for creating findings from "non-standard" tools, (standard tools being nessus, app scan, etc.) Such as pen tests, responsible disclosure, red teamings, etc. We partner with Kenna Security…
Precisely :) definitely nailed the locations of the people I know
Yes the ones I know do it full time as their only income AFAIK. Most do live in low cost of living areas, none of them that I know are living in places like San Fran :)
Everyone is trying to get a piece of the pie :) trickiest thing right now is defining what an "asset" truly is. An asset could be ephemeral cloud infrastructure, an uncompiled piece of code, an API endpoint, a server, a…
I know a few folks who do full time between things like SynAck and BugCrowd. SynAck is the ideal model in my opinion for pivoting to full time vs part time as a professional bug bounty individual, although it takes a…
I am referring to a CIA (confidentiality, integrity, availability) related incident. Less so the availability. If an attack was truly motivated, the web stack / application stack is not how you compromise the system.…
>>Nobody is doing anything to try reduce or manage complexity so it's only getting worse. I disagree, I see a number of large corporations starting to standardize either 1) their entire development stack from IDE all…
The biggest areas for growth for Cyber at the moment are of the not-so-sexy jobs. The asset inventory, patch management, vulnerability management, third party management, risk management, etc. If you are good at any of…
I think this is a bit short sighted and shows a lack of knowledge of the industry and the subject. I know for a fact that almost every large institution of even the slightest quality is currently in full panic mode…
I've replied to your thread level comment, but please do feel free to reach out to me if you want any advice or discussion: i@willcode.it
>>1. Aside from: linux cmds, nmap, metasploit, sqlmap, mimikatz, kali's well known tools - what other tools are often used by pen testers ? I think those + your typical scanners (Nessus, Nexpose, etc). One gap I know…
YMMV, but, in my experience the biggest difference between these platforms and "real world" is the amount of data available (generally). At big companies, if you were to run a red team exercise or pen test, most of the…
Where are you based? Happy to have a chat -- I run VM for a large tech company and have a lot of openings
>>I’ll tell you a story of when we were developing a product here States-side. We worked with one very gifted development team and we put all of our eggs into that basket. They were doing great work for us but…
I often right click where I want to click then left click out of the right click menu. It solves my subconscious desire to click, and lets my mind accept waiting. Plus, no negative effects, like going to the wrong link…
Might want to fix the Lorem Ipsum on the homepage for mobile towards the bottom :) for example HIPPA Compliance Lorem ipsum dolor sit amet, consectetur adipiscing elit. Nunc quam urna, dignissim nec auctor in, mattis…
A combo of in house tools for creating findings from "non-standard" tools, (standard tools being nessus, app scan, etc.) Such as pen tests, responsible disclosure, red teamings, etc. We partner with Kenna Security…
Precisely :) definitely nailed the locations of the people I know
Yes the ones I know do it full time as their only income AFAIK. Most do live in low cost of living areas, none of them that I know are living in places like San Fran :)
Everyone is trying to get a piece of the pie :) trickiest thing right now is defining what an "asset" truly is. An asset could be ephemeral cloud infrastructure, an uncompiled piece of code, an API endpoint, a server, a…
I know a few folks who do full time between things like SynAck and BugCrowd. SynAck is the ideal model in my opinion for pivoting to full time vs part time as a professional bug bounty individual, although it takes a…
I am referring to a CIA (confidentiality, integrity, availability) related incident. Less so the availability. If an attack was truly motivated, the web stack / application stack is not how you compromise the system.…
>>Nobody is doing anything to try reduce or manage complexity so it's only getting worse. I disagree, I see a number of large corporations starting to standardize either 1) their entire development stack from IDE all…
The biggest areas for growth for Cyber at the moment are of the not-so-sexy jobs. The asset inventory, patch management, vulnerability management, third party management, risk management, etc. If you are good at any of…
I think this is a bit short sighted and shows a lack of knowledge of the industry and the subject. I know for a fact that almost every large institution of even the slightest quality is currently in full panic mode…
I've replied to your thread level comment, but please do feel free to reach out to me if you want any advice or discussion: i@willcode.it
>>1. Aside from: linux cmds, nmap, metasploit, sqlmap, mimikatz, kali's well known tools - what other tools are often used by pen testers ? I think those + your typical scanners (Nessus, Nexpose, etc). One gap I know…
YMMV, but, in my experience the biggest difference between these platforms and "real world" is the amount of data available (generally). At big companies, if you were to run a red team exercise or pen test, most of the…