this post was submitted on 12 Jun 2023
2 points (100.0% liked)

Blue Team

573 readers
6 users here now

Blue Teamers are the first (and sometimes last) line of defense in the ongoing cyber war. This place is to chat out detection strategies, complain about SIEMs, compare SOAR playbooks, or post mean memes about the Red Team.

founded 1 year ago
MODERATORS
 

Hey everyone! Since we're creating a new community here, I'd love to hear who's here.

I've been doing security for a bit over 30 years now. Made it up to a divisional CISO, then climbed back down the ladder to find a good work/life balance. Currently part of the security leadership team at a large US bank. I run a couple of teams right now, including a firewall policy engineering team and a production support center of excellence. I'm looking forward to seeing what type of community we can build here.

top 19 comments
sorted by: hot top controversial new old
[–] [email protected] 1 points 11 months ago

Late to the party.

20+ IT civilian, then DOD, soon civilian again.

Experience in general IT, Storage, VMware, DISA STIGs, etc.

[–] [email protected] 1 points 1 year ago

DFIR Consultant. Been doing this for a number of years now. Background in all aspects of IT starting from Help Desk to SysAdmin, Infra, and then as cybersecurity. Now trying to help anyone who needs it either on the DFIR side or mentoring anyone with an interest in cybersecurity.

[–] [email protected] 1 points 1 year ago

Hey there, DFIR consultant here. Started in the security world as a pentester and after enjoying some intrusion investigations that came to my lap, decided to try the blue side, done a malware analysis course and I am now working as a forensic specialist. Been enjoying the work so far, but get the imposter syndrome sometimes since i don't have a forensic certification, only security experience.

[–] [email protected] 1 points 1 year ago

👋 infosec newb here, 8 years in HVAC/R > 6 months in HD at MSP > ~8 months as SOC Analyst at MSSP.

[–] [email protected] 1 points 1 year ago

Open source developer, white middle-aged dude. I have too many hobbies. I'm trying to see if Lemmy makes sense for me and wasn't sure which server to choose (I know, completely unusual story), so I picked this one as I hang out with InfoSec people a lot :)

[–] [email protected] 1 points 1 year ago

I just wanted to try Lemmy and this instance was recommended to my by my tech friends. I haven't coded since high school (the closest I get is a couple of hours of trying SQL). I work in accounting, live in southern Stockholm, Sweden, union activist in my local syndicalist union, member of my local masorti synagogue. I'm in charge of internet security and other IT related issues on my firm, but that's because we're small and I'm the least bad on the position. I'm still struggling to get people to move over to password managers (yeah some co-workers still reuse passwords). After that, my plan is to push for 2FA where it's possible (though we already have it on our most crucial system).

[–] [email protected] 1 points 1 year ago

Jack of all for a small multinational, infra, chasing alerts, compliance and other this and thats as well as providing all things IT for a couple of small, actual, non-profits, also like to drive fast with #'s on and disappear into the bush with the kids as often as possible.

[–] [email protected] 1 points 1 year ago

Hi all! Couple of decades in IT, from helpdesk up to both Senior Consultant as well as IT Director. I really enjoy both the technical aspects of the job as well as developing junior employees and have wandered back and forth between both types of roles.

I read once a long time ago (Might have been one of Tay's threads?) that operational excellence was 90% of security, and really took that to heart. My clients and employers have generally been SMBs, so real security wins have often been stuff like "Hey what if the computers had passwords on them?" or "We're no longer keeping everyone's passwords in a big Excel sheet", but over time those have added to to some decent defense. I'm always looking to grow beyond the basics, and hope that this community can be part of that journey!

[–] [email protected] 1 points 1 year ago

Hey everyone! I'm a new kid on the block in terms of professional blue teaming. Landed a role in a large firm as a SOC analyst and really enjoying my job. Looking to move up quickly and very motivated to do so (I'm almost in my 30's and have mouths to feed 😂)

Previously, I've been bouncing through roles from IT service desk to various admin (non-IT) roles. I also enjoy a bit of web design and running my own SIEM on Raspberry Pi's.

[–] [email protected] 1 points 1 year ago* (last edited 1 year ago)

Fellow grey beard here 90's edition, made it up to CTO with CISO responsibilities added on a dotted line to finance and legal so I scurried back down to a comfy Blue Team / Threat Hunt / Investigative role after some years teaching, mentoring, and consulting. My hobbies include horticulture, Krav Maga, as well as network and systems engineering - constantly building something.

I recently took some time off from the world to rehabilitate post spinal surgery which is where Krav Maga came into my life. I needed a way to retrain my muscles and muscle memory. Now I'm a few stone lighter, row for around 15 min to start my day, and dance and practice Krav while jogging in the evening.

[–] [email protected] 1 points 1 year ago

Salutations! I work in DFIR, have for the past couple of years. Before that I worked in IT - Systems Administration for a long time.

[–] [email protected] 1 points 1 year ago

Heya!

I am currently in a consultancy role, mostly doing penetration tests, but as everyone knows, "A pentest report without a way to fix findings is just a show-off document." Been doing this for close to 3 years. Before that, I spent a year as a SOC analyst for a global corporation, and before that I was a teacher. My hobbies include lockpicking, all ways to get where I'm not supposed to, and privacy.

Hope to learn a lot of valuable stuff here, and if I know an answer, I'll happily share!

[–] [email protected] 1 points 1 year ago

Hey everyone. Jason here. Full-time developer over at the Suricata IDS project.

[–] [email protected] 1 points 1 year ago

Hey all! I've been in infosec for about 20 years, did some red teaming but have really found the fight in defense. I currently work in the public sector, did some threat hunting and am now specializing in post-compromise remediation and countermeasures.

[–] [email protected] 1 points 1 year ago

Computers since 1980, programming, games, and now for almost 18 years incident response/investigation of computer crimes.

I am retired LEO, that now works for a security company (easy to figure out, not many folks named Vern) doing DFIR work in the OT space, including Incident Response Plan development and Tabletop Exercise design and execution. I taught DFIR at the college level for over a decade, but am on a break from that.

I went into management/leadership, but I stepped back to individual contributor about 15 years ago and it was the right choice for me. I love the zeros and ones, solving puzzles, and helping folks that are in a crisis.

[–] [email protected] 1 points 1 year ago

In professional IT since '06, but I've been playing with (and fixing) computers since playing with my dad's Timex Sinclair at the age of two. I'm a generalist who focuses mainly in OSes and automation, but I've had experience working in databases, mainframe performance tuning, security, cloud infrastructure, pretty much anything but web front-ends outside of tweaking a really basic Livejournal page's HTML. 😂

I've gotten as high as a domain and solutions architect; my three domains were Servers (Linux), Security, and Automation/SOA/DevOps (yes, I was a DevOps Architect, as much of an antipattern as that is... I didn't make the titles! 😅). Currently looking for a new SRE/DevOps/DevSecOps gig after getting let go during some layoffs recently.

As far as InfoSec is concerned, I take a very strong "Security is everyone's responsibility" approach, since it's us humans against the machines and "bad guys." Even a newbie can pull a Cliff Stoll and say, "Huh, that's funny." We need to band together in community, so I'm hopeful this will be a net-positive.

[–] [email protected] 1 points 1 year ago

👋 infra sec blue team lead for a large tech company

[–] [email protected] 1 points 1 year ago

Hi, security consultant and service developer focusing on OT and DFIR. Working for an international consulting firm, based in Europe. Originally a chemical engineer. Big fan of knowledge sharing!

[–] [email protected] 1 points 1 year ago

IR dude with ~10 years experience across different infosec disciplines. Currently working toward making the jump to offsec/pen testing. Privacy advocate. Trying out Lemmy because of Reddit's 3rd party API shenanigans.