Pinned post

Another intro post for current/new folks

- Australian, living in Berlin. Before that, UK, Canada, Ireland and France.
- I enjoy travelling. See @hcs account (more personal, though I spend more time here). I have had other accounts here which I rarely go on now.
- Digital nomad since 2016, working fully remote in information security
- Self-employed consultant. I don't represent any company.
- Interested in money management, bitcoin..
- I have had various domain interests over the years.

Pinned post

Just updated my website: superuser.space/

I actually want to do more with it, which is to add some more pages, consolidate some existing posts, as well as make more content.

I also want to move it to Github and have better version control over this (I already have a website on Github).

Anyway, it has been updated because I finally set up a new client that I can run under my new company after almost a year!

Pinned post

Thinking of topics to kick start my website again: hannahsuarez.github.io/
- Startup org culture x
- Your Gen Z employees x
- ISO/IEC 27001 for startups
- Employee burnout and ISO/IEC 27001

Anyone interested in being kept up to date, just this post.

Pinned post

Who moved my DNS cheese? BIND 9 DNS Log Collection and DNS Auditing hannahsuarez.github.io/2020/wh

Looking into other cloud DNS infrastructure for a potential series. What provider do you use?

So. I deactivated my Twitter for a week and the first thing I see is data breach news of a billion Chinese citizens. twitter.com/cz_binance/status/

> i like fediverse when it was less political and more about projects
> *proceeds to retweet political posts throughout his entire timeline*

Ok, uwu *proceeds to block*

Wow just noticed the character limit in this infosec instance upgrade :D @jerry

Love the purple also, reminds me of purple team.

Deep Instinct released the third edition of its annual Voice of SecOps Report, focused on the increasing and unsustainable stress levels among 1,000 C-suite and senior cybersecurity professionals across all industries and roles. The research found that 45% of respondents have considered quitting the industry due to stress, with the primary issues being an unrelenting threat from ransomware and the expectations to always be on call or available.

helpnetsecurity.com/2022/06/13

Hah yes, RSAC vendors talking about all the insights they have via "meetings with CISOs". Top "insight" - identity and access management. Do tell where to sign up for a "whitepaper".

I am in the process of applying for this EU fellowship programme. It is not directly related to information security, but I am going to be pitching my business.

I thought to apply "why not?" but realised that I actually want this opportunity now.

I didn't expect them to let me keep the website link, so now I need to very quickly update that website (bio and headline are out of date)

ISC(2) is about to publish an interview of mine on getting into cyber security as a self-employed digital nomad :) Sometime tomorrow.

I even was able to add my website (hannahsuarez.github.io/) link through too and they included it :)

For people who are evaluating a SOC 2 report - if a control was not tested during the SOC 2 period (because an event did not occur to warrant running this control), can this still count as evidence of the control on the basis that the control exists? Or just not used as evidence?

Would be curious to know if this is the case for those in Germany for certain companies. twitter.com/GergelyOrosz tweeting to him would be useful, also adding your total comp

Community-sourced salary surveys and questionnaires, as opposed to large salary surveys such as Radford, provide a better and more current view when it comes to certain tech companies.

Gergely Orosz just published community-sourced salaries for Germany at techpays.com/europe/germany# (though more skewing towards software engineering). In information security there are some community-sourced questionnaires being collected, but largely skewing towards the US market.

Seems like there is at least a 2 hour delay in my timelines and notifications...

@hcs

Yes, my account is indeed locked with new follows and has been for a long time now. I usually want to see if there are common interests, a bio and more recent interactions to help gauge.

I do a check every once in a while to see who does a request, but once I OK a request to follow, I tend to follow back.

I also like to boost other people's projects / research / AMA / request for info etc as a way for others to discover their account (especially when they are new).

Risk management frameworks: Your choice and why?
- NIST SP 800-30/39/53
- ISACA's Risk IT guidelines
- ISO 27001 risk management framework

CIS Completes SOC 2 Type II Audit Using CIS Best Practices cisecurity.org/insights/blog/c

You can download the spreadsheet at the bottom of the announcement

"Most technology skills are adjacent to the needed cybersecurity versions, and there is no faster way to learn the role's required skills than in the role. Whether you are self-taught or formally educated, I encourage folks to apply." darkreading.com/edge-articles/

Infosec Exchange

A Mastodon instance for info/cyber security-minded people.