rest of 2020 goals in mind: 📆

:pika: Pivot at the current place

:pika: Take on board another project

:pika: Actually contribute to an open source project (now that I'm no longer involved with open source / community software)

:pika: Contribute into an online course

:pika: Pick up a whole new skill

:pika: Keep up my blog entries on hannahsuarez.me

:pika: Continue to apply and send CFP/talk submissions

:pika: Continue on with this ruleset submissions that has been on my mind

Who moved my DNS cheese? BIND 9 DNS Log Collection and DNS Auditing hannahsuarez.github.io/2020/wh

Looking into other cloud DNS infrastructure for a potential series. What provider do you use?

Will be attending Black Hat Europe 2021 Executive Summit blackhat.com/eu-21/executive-s

If you know of any cyber security students, make sure to point them over to the Black Hat Student Scholarship programme! blackhat.com/eu-21/scholarship I went back in 2015 as my first conference.

You haven't worked in until your employees do their information security awareness training and complete it with a Shining meme

The surprise I've learnt working with the "non-technical" is the challenge of retrofitting the information security program to the company strategy which in turn, retrofit to the company culture in mind. I've found myself having to go against "natural urge" and be more empathic.

Maybe it's "just checkbox work" but if you need to retrofit the information security programme w/ company strategy, existing processes are level 0 or 1 in the CMM (aka no or little established processes) and "IS = IT", they are in for an awakening. And that is why you are hired.

(Un?)surprising but a variety of small companies (50 and under) who normally would not have an ISO (Information Security Officer) but are now on the lookout for one. Driven by legal/regulatory and customer requirements. Good to see this but a challenge to retrofit IS to startups.

So far this week "The beatings ("recommendations") will continue until the morale (to be compliant) improves"

Tired: Zero trust on employee endpoints

Wired: Zero trust on employees, all the trust in the cloud whatever-as-a-service

Ruin my ISO 27001 Compliance Life in one sentence.

Talking about working in to normal people: Either concerned about what their company does know about what they do on corporate laptops or relieved that measures aren't that controlled and not much security culture.

If you want to take a look at how the career framework is like, check out Dropbox's dropbox.github.io/dbx-career-f (this one for Security Engineer)

Thanks @jerry for your continued work and commitment in keeping this place running!

Doing an update of my CV and LinkedIn and I realized two things: I have at least six years in the IT/infosec industry (including my Masters would be at least six). Feels like time has gone fast since the day I decided to make a change in careers.

Been grateful to be able to have a dip in a few parts of infosec while also being freelance and remote this whole time.

New Humble Bundle out for

humblebundle.com/books/cyberse

Learn Computer Forensics, Cybersecurity Threats, Malware Trends, and Strategies, Mastering Malware Analysis, and Mastering Python for Networking and Security

Infosec Exchange

A Mastodon instance for info/cyber security-minded people.