“Dear Lesley, I’ve been in a MSSP Security Operations Center (SOC) for a few months as my first cybersecurity job. The work is monotonous, I have access to only a few SIEM tools, and most of what I do is handle repetitive tickets for a ton of customers all by myself on awkward shifts. I… Read More Ask Lesley: How Much Should SOC Work Suck?
I recently ran across a tweet by the very insightful Fernando Montenegro in which he makes an interesting point about a phenomenon we occasionally run into while examining social media profiles associated with a business: Do people also find it creepy/sleazy coming across fake LinkedIn profiles when researching a company/vendor? Makes me question the ethics… Read More Human Honeypots: I Make Friends (and So Should You)
Foreword (Lesley) One of the hardest things to accept in information security is that we as individuals will simply never know everything there is to know about the field, or all of its many niches. Despite this absolute reality, we still often feel embarrassed to ask basic questions about topics we don’t understand, due to… Read More The InfoSec Amnesty Q&A
(Updated 2/3/2020) So, you’ve finally landed that infosec job of your dreams! The clouds have parted and angels have descended from the sky singing Aphex Twin. Congratulations, I believed in you all along. One small problem: they say you’re going to have to travel. Maybe to a customer site. Maybe to training. It doesn’t matter.… Read More The Infosec Introvert Travel Blog
This week, I address some burning questions about education and training. As always, submit your problems here! Dear Lesley, Let’s cut to the chase. I hate coding. I don’t enjoy building things from scratch. I do, however, love taking things apart, and would probably be able to learn to code if I started in… Read More Ask Lesley InfoSec Advice Column: 2017-03-16
This week, we discuss red team and blue team self-study, getting kids interested in security, and security paranoia. As always, submit your problems here! Dear Lesley, I am a threat intelligence analyst who is currently underutilized in my current job, and feel like my skills and tradecraft are slipping because of it. I’m wanting to… Read More Ask Lesley InfoSec Advice Column: 2017-02-26
Thanks for another wonderful week of submissions to my “Ask Lesley” advice form. Today, we’ll discuss digital forensics methodology, security awareness, career paths, and hostile workplaces. Dear Lesley, I’m a recent female college graduate that didn’t study computer science but is working in technical support at a software company. The more I learn about… Read More Ask Lesley InfoSec Advice Column: 2017-01-30
Thanks for your interesting question submissions to “Ask Lesley”! This column will repeat, on no specific schedule, when I receive interesting questions that are applicable to multiple people. See further details or submit a question, here. Without further ado, today we have OS debates, management communication issues, nation state actors, and career questions galore! Dear… Read More Ask Lesley InfoSec Advice Column: 2017-01-19
Listen as Gary and Lesley discuss incident response, digital forensics, security engineering, security certifications, and more. Source: Show 128: Lesley Carhart Discusses Incident Response and Digital Forensics | Cigital
So what are these “challenge coins”? Challenge coins come from an old military tradition that bled into the professional infosec realm then into the broader hacker community through the continual overlap between the communities. In some ways like an informal medal, coins generally represent somewhere you have been or something you have accomplished. Consequently, you… Read More What’s a Challenge Coin, Anyway? (For Hackers)
tisiphone.net 