Probably security auditing aka GRC because everything else is a shyt show with zero work life balance.
IT Certifications and Careers (Official Discussion Thread)
- Thread starter fendi_mane
- Start date
RealCrownHeights
All Star
Also, I was wondering if I could volunteer at maybe a Church, School in the IT department while working my current job while also learning my Network +, Security Plus+. That way I can try to skip that help desk time period
I definitely wouldn't waste time on the helpdesk these days. I only stayed on the helpdesk for 5 months when I started. Just a complete waste of time in my opinion.
What do you recommend he start with?
I would only start out in either desktop support or network technician never helpdesk. Because helpdesk is usually a waste of time if you stay put longer than a year.
That makes sense. Some people use help desk and desktop support interchangeably. So I was wondering what you meant.
I started out in IT asset management. It gave me experience with ticketing systems and the occasionally shytty user (and coworker). After that job, I just faked my way into desktop support.
Forget to enable MAC address sticky on a corp network, brehsbruh i swear to god I hate IT
some dumb ass brings their old ass laptop to work with WINDOWS XP on it with no patches whats so ever and infects the entire network
So guess who has to stay onsite for an additional 5-6hrs trying to debug this shyt
i don't even know how he even got cleared to bring that thing inside the building since we have a 100% no tolerance policy when bringing in laptops
Can you break that down as to how that might prevented that from occurring?Forget to enable MAC address sticky on a corp network, brehs
Mirin4rmfar
Superstar
Just get the I.T project management bag lol. You will make six figures asking engineers is there any update on this
hey where are we along with this implementation, hey client is frustrated, any progress on this 
this is high priority, management visibility 
.
That's very true. I don't know why but we dont talk about GRC enough on here.
Like 10 years ago, we saw cloud coming and becoming the next in demand skill
. It still is to a certain degree. GRC will be the wave possibly for the next 30 years
. There are lots of technical dudes out here. If you can do anything related to GRC and you come from a technical background, you'll never have to worry about making money ever again
.2 specific areas of GRC are coming strong from what I see :
- Compliance : this is more about a company showing that they have a strong security standard and they decide to get certified (ISO 27001, CMMC...). There is also SOC2 audit that are performed by an external auditor. So basically, companies get certified to show customers that they are serious about security.
- Data Privacy : How do we protect people personal info ? This shyt is the next biggest thing to look out for. Think about health data (HIPAA) or personal data (NY privacy act, CCPA GDPR for europe)
Let's get this money brehs
As a side note, I see people coming around asking career questions
. I beg you, READ ALL THE PAGES OF THIS THREAD
. There are so many jewels in this thread, I don't think anyody can even imagine
. I discovered the Coli and this thread in 2015, it changed my life
. I went from barely employed to consultant with my own LLC in 7 years basically
We have to do the knowledge, it is all here for you. Take 30mn each day and just read it for about a month, all profiles have been addressed over time
.
Suicidedoorsonabuick
Rookie
TBH I thought I did set the Sticky Mac address so this shyt doesn't happenForget to enable MAC address sticky on a corp network, brehs
but long story short this guy plug it in via LAN in one of our lobbies that has Ethernet ports available, all I saw was a big ass alert notification via snort saying that an intrusion was detected
by the time I located where he jacked in at and kicked him off our network was infected with a root kit and a mailfinder
granted I got our shyt cleaned and re-harden everything again and back to normal
hopefully when I bring this up in my weekly report (which prob won't go anywhere like usual) we can just go around and cap off those LAN ports
Look into a NAC solution too. It makes endpoint management a lot easier.
O.T.I.S.
Veteran
Yoooo… this is actually what I wanted to do.That's very true. I don't know why but we dont talk about GRC enough on here.
Like 10 years ago, we saw cloud coming and becoming the next in demand skill
2 specific areas of GRC are coming strong from what I see :
- Compliance : this is more about a company showing that they have a strong security standard and they decide to get certified (ISO 27001, CMMC...). There is also SOC2 audit that are performed by an external auditor. So basically, companies get certified to show customers that they are serious about security.
It is not as exciting maybe as pentesting or networking but GRC is where the real money is. I just opened my GRC consultancy LLC and I have too much shyt to do.
- Data Privacy : How do we protect people personal info ? This shyt is the next biggest thing to look out for. Think about health data (HIPAA) or personal data (NY privacy act, CCPA GDPR for europe)
Let's get this money brehs
As a side note, I see people coming around asking career questions
We have to do the knowledge, it is all here for you. Take 30mn each day and just read it for about a month, all profiles have been addressed over time
I actually just got pentesting but plan on doing more. My goal is to do vulnerability testing or compliance checks for small businesses maybe
