Public companies are also in competition with their peers to attract folks (read enormous investment forms) to buy their stock. So they want their “shareholder value” to be competitive. Shareholder value is at a high level the appreciation of the stock price plus dividends. So public company management is given the goal of increasing shareholder value. Which is the number that must go up. Otherwise those enormous investment firms will buy their competitor’s stock instead.

I get a new Braun electric shaver about every 10 years or so. The shaver base lasts for a very long time. The Braun heads last about a year for me, so over 10 years they cost more than the initial shaver. I don’t buy the cleaning pods since to me a tap water rinse works just as well. I’ve not compared total cost of ownership against other brands as I’ve not had a reason to switch. I’m also interested in what others have to say. What is as good or better for their beard type?

It isn’t simple. Most people I know who have moved to other countries hired an immigration attorney to help. It’s not cheap. Also, you can’t just show up in Canada and get a job. There is a legal process that must be followed. If you don’t have employment with a work visa ahead of time, you have to show proof you have the savings to live without working until you find a job to enter the country to look for work there. Many people don’t have months of expenses in an emergency account to lean on. Lots of impediments.

I’ve been using my keyboard, Toast, for two years. I use it with a modified Miryoku layout with Colemak DH. It’s for work, travel and at home.

I open-sourced Toast too

https://github.com/vpzed/keyboards/tree/main/toast

I also built half an MX-switch Helix to have a fully programmable gaming keypad for home.

I’ve used Tenable Nessus Professional, and Tenable Security Center and both work well in their categories. Nessus Professional is a portable Nessus scanner a security person can take with them to do adhoc scans. Security Center (aka Tenable.sc) is a vulnerability management solution for an enterprise.

Their competition is Rapid7 and Qualys, but I can’t speak to those myself.

Pentesting skills are built upon skills in Linux and Windows system administration from the command line, networking, some coding usually in Python, knowledge of web applications and web servers, and more. When starting out it can feel bad because you want to learn out pentesting topic X, but then you figure out that you need to go learn at least the basics of fundamental topic A and B first. It’s normal so don’t worry about. Just dig in and enjoy the knowledge journey.

My personal opinion is that technical cybersecurity roles are not great straight-out-of-school jobs. Technical cyber roles can expect a candidate to already have experience with networking, system administration, some coding, technical writing, and presentation skills.

So starting with other IT roles like help desk, system administration and networking, etc. can help build knowledge.

Not a question but I’d like to provide some career guidance. If you’re interested in a career in penetration testing, please, please put some time in your training plan for technical writing. So many folks think the job is all hacking, but it’s really about a third project planning with meetings and such, a third hacking and a third writing. Writing rules of engagement, test plans, reports, presentations on results, etc. So business and writing is just as important as the technical stuff. A well rounded applicant will have better luck finding a role.

Thanks for listening to my Ted talk.

I’m looking into Azure penetration testing training. Specifically Azure. I found NetSPI has an offering called Dark Side Ops: Azure Cloud Pentesting. Anyone have experience with this course or NetSPI training in general?

IMO penetration testing is a skill that is built upon knowledge of the fundamentals in a pretty long list of topics. System admin using the command line only for Linux and Windows, network administration like switches, routers and firewalls, web applications, databases, and programming. Again, the fundamentals. No need to be an expert. Knowing command line is key because usually you won’t have GUI access to targets.

So what I tell folks is to look at where they have gaps and do some introduction courses on those topics.

For example if databases are a weak area learn the basics on some SQL and no-SQL databases. That will help lay a foundation for later learning database attacks like SQL Injection.

Same applies to many penetration testing concepts. One needs to understand the underlying fundamentals that support the attack to really get it.

Then it’s a matter of building skill in identifying weaknesses and matching those up with a technique that can exploit the weakness. That is a continuous learning process because tech never sits still. It’s perfect for the perpetual student type.

I recently achieved a multi-year goal of obtaining the OffSec Certified Expert3 certification after achieving the OSCP, OSEP, OSWE, and OSED penetration testing certifications. It was a serious grind but I learned a lot, the skills are applicable to my work, and hopefully all this alphabet soup helps if I end up looking for a new position in the future. Right now I’m glad the grind is over and I can start building depth of knowledge in some of these areas.

I’ve run Linux for years on servers and in VMs in VMware Workstation, but not my main OS because of games. I’ve tried before but games just didn’t work well. Tried again recently and the games I’m playing now worked with no issues with Lutris and Steam. I could already do “everything else” on Linux so this is the longest I’ve gone without booting back to my Windows disk. Already have a Kali VM in virt-manager and will add a Windows VM if I hit an application snag. But so far haven’t had any app issues. If this continues I’ll be wiping the Windows disk to make more space for Linux.

What Vivaldi features do you feel are game changing? I’m not that familiar with it and would love to hear from someone who uses Vivaldi.

There is no one way to secure Linux servers because Linux isn’t one thing due to distribution sprawl. How you do things depends on the distribution. If you want a general guide the CIS Benchmarks are a decent place to start. Then you can make a guide on how to implement them with your target Linux server distribution. Keep in mind this is for the OS and application hardening is just as important, and is an entirely different can of worms. https://downloads.cisecurity.org/#/

Something I don’t think is talked about enough in offensive cybersecurity training / skill development are communication skills. Too often we are seeing folks try to enter these roles without the ability to write reports and give presentations to audiences with a mix of technical and business attendees. My recommendation to folks considering these roles is to put in the time to get communication skills to a very professional level. Train it just like report writing or public speaking was a new shiny hacking certification. It will improve your chances of landing the job.

Thank you. These examples show more settings than I’ve found anywhere.

Yes, after switching to the NixOS KDE desktop it is very nice looking desktop environment out of the box. Nice than the NixOS Xfce setup. I was also pointed to plasma manager to try moving some settings into my .nix files.

I asked this question on Mastodon and got some helpful answers. I haven’t had the time to try anything yet, but here are some links. KDE: https://github.com/pjones/plasma-manager Gnome: https://hoverbear.org/blog/declarative-gnome-configuration-in-nixos/ Xfce may be similar to the Gnome article but using xfconf and xfconf-query to get the settings to apply. Again I haven’t tried any of these suggestions. This is a summary of the info I got elsewhere.

Starting Offensive Security EXP-301 Windows User Mode Exploit Development next week. Binary exploitation isn’t needed much in my work, but need it for OSCE3. After this I hope to be able to stick to normal training courses built for working professionals - instead of second job for many months plus grueling 72 hour exam + reporting courses. “Just one more and then I’ll quit”. Lol.