Weekly thread for any and all career, learning and general guidance questions. Thinking of taking a training or going for a cert? Wondering how to level up your career? Wondering what NOT to do? Got other questions? This is the time and place to ask!
I just started my first official cybersecurity position at a medium size company in an industry that is currently being heavily targeted with ransomware.
I’m starting pretty much from scratch as they have not had a dedicated security role in over a year and my predecessor didn’t make much progress. So far i’ve been focused on inventory lists, policies, and procedures for hardware, software, and data. I think we’re doing okay with minimizing stuff thats internet facing and patching is in a good place (well, at least with the devices and os’s that are still supported).
Any suggestions on where to go from there or what to prioritize?
https://www.cisecurity.org/controls/v8
Thanks! This is actually exactly what I have been basing my efforts on so far, it’s just sobering to look at how far away we are from completing implementation group 1.