— New Member's Cloud Security Transition
Quick recap. The team discussed the transition to cloud security, with Saubhagya expressing interest in learning more about securing their cloud infrastructure. They also discussed recent fines imposed on T-Mobile by the FCC and the potential for increased cybersecurity investments, as well as the importance of certifications in the job market. Lastly, they shared their experiences with professional development and certifications, and discussed the challenges of obtaining points for certifications and the importance of practical skills and experience over memorizing information.
Show 5 discussion topics
New Member's Cloud Security Transition
Shawn welcomed a new member, Saubhagya, who is new to cybersecurity and is transitioning from on-prem servers to cloud security. Saubhagya expressed interest in learning more about securing their cloud infrastructure. Shawn advised that there's a lot to learn and suggested that Saubhagya stick around to learn more. David offered to conduct a breakout session to share his approach to onboarding clients who are new to cloud security. Saubhagya confirmed that they are using Google Cloud Platform (GCP). The conversation ended with Shawn opening the floor for any questions or topics for discussion.
FCC Fine, Cybersecurity Investments, and Industry Trends
Adam discussed a recent fine imposed on T-Mobile by the FCC, which included a mandate for increased cybersecurity investments. The team debated whether this trend would continue, with the US government becoming more prescriptive, especially in the healthcare sector. Kyle and Jay suggested that heavy government regulation was unlikely due to lobbying by major tech companies. Shawn highlighted the potential of mandated spending on security as a way to address budget constraints. Jay concluded that compliance was often the driving force behind security investments. alex expressed relief that something was finally being done about a long-standing issue, despite it being overdue. Matt and Shawn discussed the idea of a central licensing agency for cybersecurity professionals, but agreed that it was unlikely due to the wide range of disciplines and cross-functional aspects involved in cybersecurity. The team also discussed the upcoming Octane event in Las Vegas and the immaturity of the cybersecurity field, with Jay suggesting that more recognition and praise should be given to those working on the fundamentals of cybersecurity.
Professional Development and Certification Discussion
The team discussed their experiences with professional development and certifications. David expressed his desire to continue learning and considered renewing some Microsoft certifications. Eric shared his thoughts on determining which certifications are worth renewing, while Shawn shared his experience with maintaining his CISSP certification. Jay and Eric discussed the challenges of obtaining points for certifications, with Matt expressing concerns about his lack of formal security titles despite his extensive security work experience. The team reassured him that his experience could still be considered valid, with Shawn suggesting an endorsement from someone who knows his work well could be the key. Crystal shared her similar experience of not having a security title but still being able to validate her security experience. The conversation ended with Crystal discussing her work on a Red Hat Certified Specialist in Containers certification.
Certifications in the Job Market Discussion
The team discussed the importance of certifications in the job market, with Shawn and Chris emphasizing that while certifications can open doors, they are not always necessary. Matt shared his experience of studying for an Octa certification, only to find the content irrelevant and a money grab. He argued that practical skills and experience are more valuable than memorizing information. David agreed, recalling his own experience of needing to apply core knowledge in a business trip. The team concluded that certifications are situational and not always required, but can be beneficial in certain circumstances.
Cloud Certifications, Automation, and on-Premises Challenges
Eric recommended the AWS Cloud Practitioner certification as an entry-level introduction to cloud services and Jay suggested the CCSK certification for cloud security knowledge. Matt automated the SOC audit process using a Slack bot. Shawn proposed a second meeting time slot, with Chris volunteering to run it. The team discussed the challenges of moving back to on-premises solutions from the cloud, such as high cloud bills and inefficiencies, and the importance of having a good reason to move to the cloud and refactoring applications. Chris shared his experience with the visa process for his family's move to Singapore. The team discussed issues with the website csoh.org, which was temporarily down due to a DNS problem caused by a switch to Cloudflare, but Shawn assured it would be resolved by the end of the week and provided an alternative website.