UnixGuy wrote: » Simple questions, is RSA Archer a tool worth my time investment? is it in demand? I don't have a good background in GRC, but would learning and using Archer on the job help get my foot in the door for GRC work? Share your experience
DatabaseHead wrote: » We are moving away from it and building an in-house solution. We use it for predominately risk management. The database is a blackbox, and you can barely get anything out of there. You have to export using XML reports, not very efficient. They lock their Stored Procedures down, that's their secret sauce and good luck getting a database schema, the principal all but laughed in my face when I asked for one.... I have set up several ETL feeds into Archer using their XML and Database transporters. My honest opinion, if you have a talented development team you could build a custom app to meet / scale to your business. Overall not impressed...... Side note I am a master data analyst, so I am not using the front end to often, dealing with automating into data mart and warehouses. So my experience is pretty much from ETL.
Ertaz wrote: » I've always heard that it shines on the analytics side/dashboard side. I suppose it's just another canned framework for data collection. What do you guys use to correlate your vulnerability data?
DatabaseHead wrote: » SSAS I found the analytics to be pretty weak, a lot of guessing and assumptions through the use of weighted averages. We use SSAS BI Edition, mainly using decision tree and cross correlation through the data mining tools. Visualization Power BI and SSRS for tabular reporting. We do have a BO report server spun up as well for reporting, but for statistics we use Cubes and Tabular in-memory tables for our data warehouse layer and BO, Power BI and SSRS for our presentation layer. As far as analysis goes we use the Excel data-mining plugin. I'd like to get access to SAS or Tableau, I don't have enough R development knowledge to frame and build charts etc... We are a small shop occupying in a very large one so we don't have the resources to utilize a data scientist or some other BI professional, although we are training ourselves in that path.
DatabaseHead wrote: » Taking a break right now from 70-461 It's hiliarous how much you actually miss when you get tossed into the work force and start learning a technology. I can build cubes and tabular in memory data models, but I don't know how to grant permissions for an end user for a particular database schema. One other thing I started to pick up is DAX, very powerful especially with the 2016 BI stack. I have a feeling, once I get into the integration and data warehousing I'll really start to take off. I literally missed DBA 101 lol.
UnixGuy wrote: » Wait I'm confused...so some of the answers are on the Data side of the product. what about if you just of GRC work? I assume you will be a user rather than a developer? I'm more interested in compliance and governance consulting side of things
Remedymp wrote: » I work on Archer as I do work for the company that produces it. But, I only use it for InfoSec work. It is worth learning if that is the tool of choice.
Ertaz wrote: » You guys sure are up late. @jcundiff I will shoot you a PM in the AM. I'd be very interested to see how you're doing threat mgmt.
