Finally Doing Something Security Related

the_Grinchthe_Grinch Member Posts: 4,164 ■■■■■■■■■■
Well today my boss ask me to do a risk assessment for our HQ. I have a lot on my plate, but this will at least give me something to look forward too. We did discuss some stuff today, where he said "don't worry about money, doesn't mean we'll do what you suggest, but don't not put something due to money." I replied that a lot of things we needed to do didn't require money to make us more secure. Nice to at least get a chance to do something, more experience for the resume!
WIP:
PHP
Kotlin
Intro to Discrete Math
Programming Languages
Work stuff

Comments

  • the_Grinchthe_Grinch Member Posts: 4,164 ■■■■■■■■■■
    Thanks man, I will be picking them up eventually. I took a course in college on risk assessment and as a project I did the risk assessment for my school. I might look to see if I kept my book, but I know I have the project still. Thanks again!
    WIP:
    PHP
    Kotlin
    Intro to Discrete Math
    Programming Languages
    Work stuff
  • dynamikdynamik Banned Posts: 12,314 ■■■■■■■■□□
    I'll post back how I like them. IMHO, risk assessments and IT audits are the most tedious part of the job. I get why some people thrive on it. They're very detailed oriented and like to make sure ever I is dotted and every T is crossed. I'd rather pentest, setup a lab, teach someone something, etc. Congrats to you though. That sounds like a good stride forward. That experience is nice to have, even if it just becomes a bullet point on your resume for something bigger and better in the future.

    Paul Boz and I were brainstorming how to make risk assessments fun. I had some interesting scenarios, but I am definitely partial to his concern that Jurassic Park might become real and we'd have to defend against velicoraptors on the mainland. I'm pretty sure lasers would need to be involved.
  • GAngelGAngel Member Posts: 708
    I love risk assessments. I spent the last year doing them and coming up with the most insane scenario's.
  • the_Grinchthe_Grinch Member Posts: 4,164 ■■■■■■■■■■
    I'm with you on the Jurassic Park scenario. Though, in my experience, I believe we need to be better prepared for a Zombie invasion. Might tell the company we need to stock up on weapons, ammunition, and food. Plus training for double tapping to make sure they are dead. More good news, company wants a penetration test done within the next couple of months.
    WIP:
    PHP
    Kotlin
    Intro to Discrete Math
    Programming Languages
    Work stuff
  • Paul BozPaul Boz Member Posts: 2,621 ■■■■■■■■□□
    The Jurassic Park scenario is more likely than a Zombie apocalypse because the genetic mutations would be super easy to pull off. you absolutely 100% have to be prepared for T Rex and raptor attacks. You don't mess around with that. Zombies can be taken down with a shotgun. dinosaurs laugh in your face at a shotgun. Period.

    In all seriousness though, definitely take your time when doing the risk assessment, especially if you have never done one before. Start with the policies and procedures currently in place and ensure that you have mitigating controls for your perceived risk. There are also free risk assessment frameworks on the SANS website.
    CCNP | CCIP | CCDP | CCNA, CCDA
    CCNA Security | GSEC |GCFW | GCIH | GCIA
    [email protected]
    http://twitter.com/paul_bosworth
    Blog: http://www.infosiege.net/
  • the_Grinchthe_Grinch Member Posts: 4,164 ■■■■■■■■■■
    Yup that was my plan as most of our issues are policies based. Right now I have bigger projects that are considered more important so I will do a little at a time with this one.
    WIP:
    PHP
    Kotlin
    Intro to Discrete Math
    Programming Languages
    Work stuff
Sign In or Register to comment.