
/biz/ - Business & Finance


>> No.9151575

Soup /biz/,

Cyber Forensics & Security consultant here. Am happy to answer questions over the next hour or so, particularly things related to:
>career advice
>cyber security tips

Ask away!

>> No.9151612

bump

>> No.9151656

Hi OP I am looking at getting into that field of work, what are your quals? and how did you get a job in it? Everything I look at wants someone with experience.

>> No.9151691

>>9151575
Ok I'll bite. Shill me the most promising crypto projects you have come across, preferably micro and low cap coins but mids are ok too

>> No.9151745

>>9151575
what's the best setup to trade crypto safely?

>> No.9151746

>>9151656
For the typical route, here's the basic fundamentals that will land you an entry-level job in cyber security. From here, it depends on whether you want to focus more on the infosec management side of things, GRC / compliance, privacy or penetration testing / code reviews etc.
>minimum bachelor degree in CompSci, IT, networking or (preferably) IT security
>A CISSP

For a more penetration-testing / technical avenue, look at obtaining some of these:
>OSCP
>OSWP
>CEH
>Relevant SANS certifications

For more compliance, GRC / Governance etc. aspects, consider obtaining:
>CISA
>CISM

A good foundation for experience, if you can't get direct cyber security experience, is IT work. Sysadmins, network administrators (even junior roles), IT engineers and entry-level analyst roles offer good experience and a solid platform to move into cyber security. Development roles are also good.

For your best chances, demonstrate your experience. Go out there and RESPONSIBLY find vulns, report them, and document them on your CV. Go and hunt down things for 0-days (if you have found a CVE, that's awesome for penetration testing). Demonstrate your capacity in the specific area you want to get into.

>>9151691
Confido looks pretty good

>> No.9151766

>>9151575
What's your password hash?

>> No.9151774

>>9151575
>Confido

And what is it about this that makes you, as a security 'expert' advise buying it?

>> No.9151799

>>9151745
Your specific security setups will depend on your risks and threats. I'm not going to focus on things like paper / hardware wallets, but instead on the typical threats facing the typical crypto investor. For the average guy who trades at home, here's what I can recommend from a foundational perspective and upwards:
>Ensure that your OS has sufficient AV and Anti-Malware
I've found that Avira Free has the lowest false-positive and best heuristics, coupled with greatest flexibility in configuration. I've accidentally deployed Wannacry on my own machine instead of a VM and it's stopped it in its tracks. Used it for years. Malwarebytes Anti Malware is an exceptional AM, in fact I caught onto it years ago because the hackers in the forums I browsed used it as the benchmark by which their polymorphic RATS would have to bypass to be successful. Not many did, and even less do now. It works fantastically with Avira. For a tougher-still setup, you can bolster your home machine with a firewall with Heuristics, like Comodo. It works exceptionally with Avira and MBAM, and will catch any loose-ends these fail to do.
>Set up your email accounts you use to register for online services with strong unique passwords, register your phone with 2FA and apply random answers to your security questions
For example, the answer to "What's your mother's maiden name" should be something like "Rock chair upside-down desk lamp" - something unguessable even if that information has been found. Preferably, you'd set up your own domain / email and apply the same concepts - this is because it's a little harder to reset and you typically hold account information which is harder to track down with OSINT.
>Use different passwords for every single crypto-related service you sign up for
This is an absolute must. Use Keepass, it's free, easy to use, will save you a dicktonne of time and safely generates secure passwords with a click. Backup the keyfile and database on a USB. (cont...)

>> No.9151801

>>9151746
>>9151774
Confido is a fucking scam and they exitscammed a long time ago. FUCK YOU OP AND YOUR FUCKING SHIT I HOPE YOUR HOUSE BURNS DOWN AND YOU DIE IN YOUR SLEEP TONIGHT EAT SHIT AND DIE BITCH

>> No.9151810

>>9151774
Dude I was kidding, don't buy Confido it was an exit scam. I'm going to stay away from crypto-projects in this thread as they're varied, and I'm not trying to establish myself here as a crypto expert at all.

>> No.9151852

>>9151799
Cont.
>>9151745
>Proactively obfuscate your identity online
Next time someone asks for a donation, simply google their wallet address. You'll likely see they've posted their address in other forums, which might contain a username. Google this username and eventually you'll find an email, or a social media account etc. etc. From their facebook page, I might check out their family and find their uncle; discovering their mother's maiden name, and you can see where this is going.
>Use non-identifying emails
For my crypto accounts, I use a dedicated email for each service. The email is named something like "3fou4htu9fow4t@[domain].com". This is to counter the previous point I raised and make OSINT harder. I register all these emails under false details (e.g. false names, dates of birth, locations, genders etc.) to make it even harder (if you do this, be sure to log all these details in case you ever need to recover your account).

For the average trader, this really is going to cover 80% of risk with 20% of effort. You can take the other 80% of effort to mitigate another maybe 5% or 10% of the risk but you'll never mitigate that residual risk (i.e., see the recent BGP-hijack which occurred on Etherdelta).

>> No.9151855

>>9151746
Thanks OP I have just a basic IT qualification just looking for some work now.

>> No.9151891

>>9151799
>>Ensure that your OS has sufficient AV and Anti-Malware

Haha. Oh wow...

Sorry kid, I appreciate you're trying to help, but don't call yourself a security consultant. Your advice is shit tier.

Do you even know how a wallet works? You didn't mention them once? Cold storage? What the FUCK are you doing coming in here shilling some fucktard AV software?

I've done security for nearly twenty years and brainlets like you should be on minimum wage at Burger King, not pretending you know anything and fucking up other people's IT.

For me, the most obvious sign that someone is not going to make it in security, is when they take any question about fucking certifications seriously. I think when they have the opportunity to offer security advice and one of the examples they give is 'career advice' and then their list of 'tips' is THAT HORSESHIT, then my eyes roll back in my head like Jaws....

Also, "Go and find zewwo day bugs guiz!!!!"

You fucking lungfish... Get out.

>> No.9151912

>>9151746
I'm 27 years old and never did any math beyond precalc should I even consider doing this as a career

>> No.9151918

>>9151746
How important is the degree part? If I have some real world experience but am a dropout.

>> No.9151928

>>9151801
Was obviously kidding, see >>9151810

A simple google of Confido would have revealed this sarcasm to any non-retard.

>> No.9151929

>>9151575
Hey. I’m finishing my law degree in 6 months. I’m quite interested in this subject and would like some career advice. Should I learn to code. And if yes, where should I start?
Thanks

>> No.9151947

>>9151746
>>minimum bachelor degree in CompSci, IT, networking or (preferably) IT security

This is absolute balls. If you have skills and some basic report writing there is no need to be a graduate whatsoever. Most people I know think grads are absolute cucks. For good reason. They are.

I mean fucking hell anon; point one, line one, and you can't get that right? Do you slide your Nessus reports under the broom cupboard door so actual people don't have to look at you? ;-)

>> No.9151975

>>9151575
What categories of math are needed for the role?

>> No.9151981

>>9151891
I started my first cyber-security consulting business when I was 17, during uni. By then I'd reported vulnerabilities in defence, military intelligence, nuclear research and other government and private assets (including Mt. Gox, believe it or not), such as facebook / google / mozilla / casinos. I had three job offers within my first three months of doing this. Within a year, I was approached by an investor. We developed that business into a company and two separate service lines. By the time I was 19, I was servicing clients in dozens of industries across 4 continents. I sold that business at 20 and by 21 I was hired by a global consulting firm as a cyber security consultant, in a position that put me roughly 6 years ahead of my peers.

If you didn't read my statement here >>9151799 "I'm not going to focus on things like paper / hardware wallets, but instead on the typical threats facing the typical crypto investor", and don't think that advice is commensurate with mitigating the risks faced by an average crypto investor, you've absolutely confirmed yourself for being just as retarded as your post makes you sound. For the record, I never attained any of those certs, hence my statement "For the typical route". What landed me my current role and success at the age of 22 was finding 0 days, responsibly disclosing vulnerabilities and growing a successful business. Enjoy being a wagecuck for another 20 years, faggot.

>>9151912
If you are genuinely, truly interested in it? Pursue it regardless of your background.

>>9151918
Depends on the level of your real world experience, but typically I'd say pretty damn important.

>> No.9151987

>>9151929
>Should I learn to code. And if yes, where should I start?

Start two to three years before you want to know it - because that's how long it takes, but yes, coding is fundamental to real security consulting. For you, I would say learn a basic language like python or javascript and then get into a smart contract language, either solidity or whatever hyperledger is using?

Otherwise, instead of coding you can go the infrastructure route another three years and you'll need to qualify as a systems engineer of some sort, around Windows, Red Hat, Cisco, whathaveyou.

It's a lot of work anon...

But it is worth it.

>> No.9152039

>>9151981

muh booty blasted bug bounty baby.
What's the difference between defence and military intelligence? Is one not just a subset of the other? Seriously asking, I've never done .gov work because the government is where they hide all the fucking retards in the world these days?
Come off it, you know your advice was flabby, shit tier computer use garbage. It was also fucking opinionated and operationally a plate of fucking spaghetti. Don't come on here and pretend to do risk assessments (80 percent, lol) on other people's money.

>> No.9152045

>>9151810
I apologize sir my caps lock key got stuck for some reason and I have Tourette's

>> No.9152053

I'm a computer science major at UGA with a perfect GPA. Do you enjoy security? It's always struck me as fun to learn about, but not so much in application. I'm going to graduate in a year, and I'd like to pursue an MD, but I'm not really sure what I want as a specialization. I'm very experienced with machine learning from personal interests, and I'd like to think I could apply that to any area. I like making games a lot though. Web design doesn't interest me so much because of how methodical it is. Is working in security the same way? Is it the same shit all the time? I'm just having a hard time deciding if I should go the technical or artistic route. If you could do it all over again, would you be in security, or something else? Would you recommend it?

I would sincerely appreciate a response.

>> No.9152065

>>9151975
Also, thoughts on decentralized exchanges such as LRC?

>> No.9152100

>>9151981
>in a position that put me roughly 6 years ahead of my peers.

oh, wow, pls stop...

>> No.9152118

>>9152053
I absolutely love it. I am so damn thankful that I've taken the consulting route, because it's varied, fast-paced, different every day and allows me to interact with hundreds of different clients, organisations, challenges, threats, risks and people every year.

When I started I was really driven to get into the technical aspects. I realise now that what I love is the governance and risk aspect. I love threat intelligence and incident response, and have had the opportunity to evaluate the incident response, disaster recovery and business continuity plans of every Government agency in my state, followed by facilitating disaster response exercises and oversee / report on their performance. It was so fucking interesting. I've been able to build the threat intelligence and incident management frameworks for the largest events in the country, and facilitate realistic disasters in hospitals. I absolutely love every second of it and am damn thankful for where I've guided my career to (quite incidentally, too). Because of this, it's a joy working on that stuff every day.

Some stuff is repetitive and sucks (like writing vulnerability assessment reports or reporting to client's audit functions), but it doesn't suck nearly as much as other repetitive tasks in other roles / jobs. It's really a terrific industry and exciting job to have if you love cyber security.

>> No.9152136

>>9151975
Depends on what you want to get into. If you're looking at Infosec consulting, absolutely no math. If you're looking at penetration testing, maybe a little on the programming side of things. If you're looking at specialising in code reviews or encryption (though it would likely be a research or development role), then a whole lot.

Really though, unless you're heavy into technical sides of things, the math related to programming is about as far as you'll need.

>> No.9152145

>>9151929
If you want to get into technical sides of things, programming as a background is useful and demonstrates your proficiency in IT, generally.

Programming will be useful if you're doing penetration testing, working internally as a security analyst, doing threat hunting or working in a Security Operations Centre. If you want to focus less on the highly technical sides and more on governance and risk, it will matter only slightly (but still will be good to have that background and demonstrated proficiency).

>> No.9152152

>>9151947
Can you imagine explaining that to an interviewer? Almost as retarded as this guy >>9152039

>> No.9152251

>>9152118
Would you be willing to post a throwaway email? I am graduating with an Information Assurance degree in a week. I've got a job lined up, but it's from a consultant role and I feel as though I won't be able to expand my technical skills which I've learned at school at all. I've probably got dozens of questions. Thanks OP.

>> No.9152287

>>9152251
https://privnote.com/JiCvow6c#JE6DS1omP

Post here when you've opened it

>> No.9152311

>>9152287
Gotcha. Thanks my man! I'd ask some questions tonight but it's 5 AM here.

>> No.9152367

I had a similar role to OP. Quit my job last month. Never been happier

>> No.9152375

>>9152311
Easy! Shoot them through and I'll respond whenever I get the chance next. Congratulations in finalising your assurance degree, that's fantastic. Best of luck with the consultant role too. It can be an incredibly demanding line of work, but it's highly rewarding. Looking forward to helping you as you move into the infosec space.

>> No.9152389

Are junior jobs in network security good? I'd love to transfer but I'm worried I don't have the knowledge. Currently a low level sys admin

>> No.9152430

>>9151575
Ledger or paper wallet?

>> No.9152500

>>9152389
They're interesting, yeah. You already have a technical background which will be advantageous. If I were you, I would start looking into network security activities - if you're in a junior role, you'll be taught to pick up skills as you go. Here's some considerations:
>you work in an oil and gas company
>a network engineer has detected that there's some atypical north/south traffic from an ICS device in a coal-fired power plant, 500km away
>the service ticket gets flicked to you. It contains an IP address and the date/time that atypical activity (communication to / from new IP address) was detected
Do you know how to isolate / capture that device's traffic from the network? Do you know how to analyse it and see who the foreign IP belongs to? Do you know how to search for other traffic to/from this foreign IP?
>the traffic appears to be encrypted
Do you know how to determine the best way of decrypting / deciphering it or whether it's possible?
>the traffic appears to be regular, between midnight and 1:00am every third Wednesday
Do you know how to pull these logs and look for patterns?
>the traffic was encoded in Base64 and has since been decrypted. It contains usernames, passwords and login information from other ICS devices within its subnet
Do you understand (broadly) how an organisation would escalate, contain, eradicate and recover from this?

Do some digging on network security applications, download and pwn some test environment VMs, watch lectures and brush up on network security concepts and you will be fine to learn more as you go.
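
One way to approach the "pull these logs and look for patterns" question in the post above, as an added example that is not part of the original thread: group flow records by source/destination pair and flag pairs whose connections recur at a near-constant interval. The log format, addresses and records are constructed, and "every third Wednesday" is read here as every 21 days (an assumption).

```python
import csv
import io
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed flow records (time, source, destination, bytes); not real data.
# 10.20.30.40 stands in for the ICS device, 203.0.113.77 for the unknown peer.
SAMPLE_FLOWS = """\
2018-01-03T00:12:41,10.20.30.40,203.0.113.77,4210
2018-01-04T09:15:02,10.20.30.40,10.20.30.5,880
2018-01-09T14:02:11,10.20.30.40,10.20.30.5,912
2018-01-10T14:40:30,10.20.30.40,10.20.30.5,860
2018-01-24T00:31:05,10.20.30.40,203.0.113.77,4188
2018-02-02T08:30:00,10.20.30.40,10.20.30.5,901
2018-02-06T13:20:00,10.20.30.41,203.0.113.77,120
2018-02-14T00:05:17,10.20.30.40,203.0.113.77,4302
2018-02-20T16:45:10,10.20.30.40,10.20.30.5,877
2018-03-07T00:47:52,10.20.30.40,203.0.113.77,4256
2018-03-15T11:10:44,10.20.30.40,10.20.30.5,893
2018-03-19T22:01:00,10.20.30.41,203.0.113.77,118
2018-03-28T00:20:09,10.20.30.40,203.0.113.77,4199
"""


def group_by_pair(text):
    """Return {(src, dst): [datetime, ...]} from CSV flow records."""
    pairs = defaultdict(list)
    for row in csv.reader(io.StringIO(text)):
        if row:
            ts, src, dst, _nbytes = row
            pairs[(src, dst)].append(datetime.fromisoformat(ts))
    return pairs


def find_periodic_peers(text, min_events=4, max_jitter=0.05):
    """Flag src/dst pairs whose connections recur at a near-constant interval."""
    findings = []
    for (src, dst), times in group_by_pair(text).items():
        if len(times) < min_events:
            continue  # too few events to call anything a pattern
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        period = median(gaps)
        # Worst deviation from the median gap, as a fraction of the period.
        jitter = max(abs(g - period) for g in gaps) / period if period else 1.0
        if jitter <= max_jitter:
            findings.append({
                "src": src, "dst": dst, "events": len(times),
                "period_days": round(period / 86400, 1),
                "weekdays": sorted({t.strftime("%A") for t in times}),
                "hours": sorted({t.hour for t in times}),
            })
    return findings


if __name__ == "__main__":
    for hit in find_periodic_peers(SAMPLE_FLOWS):
        print(hit)
```

Lowering `min_events` to 2 also flags the 10.20.30.41 pair, since a single gap always looks perfectly regular; the threshold is what keeps two unrelated connections from being reported as a schedule.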

>> No.9152824

>>9151852
>>9151746
Thanks based Cyber Security Consultant

>> No.9153612

>>9151575
What are your thoughts on Remme, if any? It's a security project so I figured you'd be curious about it

>> No.9153617

do aliens exist?

>> No.9153723

>>9151575
According to Ars Technica, it’s possible to leak private keys from cold storage.

Discuss

>> No.9153761

How would one start learning how to blackhat hack? (srs)

>> No.9154090

>>9151691

sumocoin.

Your thoughts on it?

>> No.9154124

>>9152500
Is the Security+ a valuable starting point for this field?

>> No.9154150

How much of cybersecurity is security theater?

IMO we don't need to harden hardware defenses because no one hacks through the hardware anymore. Unless it's a state agent where you're fucked anyways. The only really relevant cybersecurity thing is how to get the employees to stop clicking on phishing e-mails.

>> No.9154222

>>9154150
Kek you 100% wrong

The Big defense corps are ONLY hiring Hardware guys right now. Everything is being moved to hardware.
It's seriously business right now. Good time to get into business, all you need is good hardware thesis.

>> No.9154760

>>9154222
Interesting. Care to elaborate? What do you mean hardware? How would one do what you described? Noob here