-
guizzy (guizzy@shitposter.world)'s status on Tuesday, 17-Dec-2024 03:57:21 JST guizzy
@phnt @theorytoe @sally @bleedingphoenix I've interviewed a guy for a pentester position once that had no idea what a CVSS score was. The depth of his understanding of the job was how to run Nessus.
I have worked with a pentest firm that did know what they were doing though.
High variance field, I think because there's a lot of work both for hacks who just give someone a clean bill of health after a few trivial scans so that they can check a control on some regulatory certification checklist, and for people who really actually want to secure their systems and applications.
-
Phantasm (phnt@fluffytail.org)'s status on Tuesday, 17-Dec-2024 03:57:22 JST Phantasm
@theorytoe @sally @bleedingphoenix They are mostly a joke and the serious sec people hate them.
Hire a security auditor and I feel like 80% of the time, they just come in with a MacBook, fire up Kali in Parallels and immediately start nmap for "open ports that shouldn't be" and light up your dashboard like a Christmas tree.
Russia isn't even that big of a threat as they mostly dabble in ransomware as it is the most profitable. China and North Korea are usually more interested in espionage.