Ray Pompon
Seattle
HCL CapitalStream
Information Technology
Fans (7)
Groups (5)



All Activity

Nicole Bienfang: Ask the receptionist to be scheduled last. Then you can ask the interviewer how their day went, ask what could have been better, not to mention you will be fresh in their mind!
2 weeks ago
Donna Maciver: Give a strong handshake while making eye contact and smiling,
2 weeks ago
 
Susan Jett I'm curious about Info Sec Professionals, a colleague of mine is searching for several positions (full-time) that require this background. Where do you typically post resumes, etc? If you'd like details about these positions, please let me know.

42 weeks ago from InfoSec Professionals

Ray Pompon: 100% of the jobs I've gotten in infosec have been through word of mouth and colleagues. Same is true in reverse, whenever we've needed folks, I've always gone to my professional networks first. Neither of these things helps you, as a recruiter. Perhaps something useful to say, is we also announce jobs at professional meetings (such as the local InfraGard chapters, etc).
42 weeks ago
Susan Jett: Thanks for the advice, I'm researching now chapter contact information!
42 weeks ago
 
Ray Pompon How do we report spam (both spammy users and the spammy links they throw down?)

78 weeks ago from Brazen Community Feedback

Kent: I have noticed quite a bit of spam as well. A way to flag it would certainly be a welcome addition to the site.
76 weeks ago
Ryan Paugh: We just launched our new spam moderating tools and have some great community members who have volunteered to help us moderate. So you should be seeing less shady content on the site. We're doing everything we can to boot them out of the community as soon as they come in.
75 weeks ago
 
Jared Sperli At #ISACA SV, I asked how will information security change when those who first started it retire? Linked is a great response post from one of the panelists, Dr. Eugene Schultz. The man knows his business very well. http://goo.gl/iXCpu I would like to get the pulse of Info Security folks on this specific site in terms of how the future may look for upcoming generations when we take over the C-level security jobs. Thank you, Jared

78 weeks ago from InfoSec Professionals

Jared Sperli: we are still looking only at enterprises, but I will let you know if we make the switch
78 weeks ago
JRandom42: I'm still waiting for the Alt-Del-User control that was supposed to cause the old teletype terminals to overload and explode. Wonder if it's being coded by NSA for modern systems. That's going to be the next step in eliminating security threats! :)
77 weeks ago
 
John Meyers I have a new web site I built. I plan on adding it to the top of my resume to aid in my job search. I am still generating content, but I wanted to get some feedback on it. http://www.attackdefendsecure.com

80 weeks ago from InfoSec Professionals

Ray Pompon: It's a good start for a site. The landing page is a little generic, which is fine. I think the next step content-wise would be to sketch in your specialties. From your blog, it seems that this is forensics and malware analysis - both hot areas. I'd make sure any articles, papers, talks, and major cases you've done in those areas are featured prominently. For example, your SANS Mentoring... perhaps some info close to the top with some bullets on what you'd be covering... a few words of wisdom... and 2-3 sentence war stories.

80 weeks ago
John Meyers: @ Jared, I checked out your site, I think what you are doing is the future of malware detection. I don't think signature detection can keep up. When I can write malware with Metasploit that bypasses most detection on Virus Total, that's a pretty good indication that we need a better solution.

@ Ray, Thanks for the feedback, it has given me some ideas on how to improve my site.

80 weeks ago
 
Ray Pompon My VB2010 paper on "Case study - successes and failures apprehending malware authors" avail for DL at http://www.planetheidi.com/Pompon-VB2010.pdf

85 weeks ago from InfoSec Professionals

 
Gauri Nawathe Is it ok to make mistakes? Have you made mistakes at work? How did you correct them? As an intern I often trip and stumble. I understand that now is the time to make mistakes because it is through them that we learn. But at times I feel it seriously undermines my chances of being employed at this company. What do you guys think?

104 weeks ago from Ask Penelope Trunk!

Kenji Crosland: In my first "real" job I was so concerned about making mistakes that I asked my boss about every little tiny decision that came on to my plate. Even when I did this I made plenty of mistakes. It would have been more worthwhile if I took it as a given that I'd make mistakes no matter what and strive to learn from them.
103 weeks ago
Vanessa Alvarado: You WILL make mistakes at work, it's unavoidable. After making plenty of them you'll learn to quickly recuperate from them and take the lessons they give along with you on your next task.
103 weeks ago
 
TOP IDEA: Ray Pompon Improving law-enforcement cybercrime response and victim assistance. http://www.virusbtn.com/conference/vb2010/abstracts/Pompon.xml

108 weeks ago

 
Penelope Trunk Hey you guys. Did anyone listen to the webinar we did last night with PayScale? The guy from PayScale is so cool. He's a physics PhD who studies salary data. Okay. So, anyway, he said that people top out in their salary around age 38 - then their salary plateaus (if they are lucky), wherever they are. I have found this to be true. How do you think people should manage their careers given this information?

111 weeks ago from Ask Penelope Trunk!

Paula Duarte: I'm 36 with two kids (oldest is 3) and wouldn't be surprised if my salary plateaus at this point. I like my job and my company, and my salary is good. But once my kids are older, who knows? At least I'm well-positioned to have good options in the future.
110 weeks ago
Paula Duarte: Oh - maybe it would help to mention that my salary has jumped 30% in the past three years. For all you moms out there worried about your earning potential. The salary jumps were a by-product of job-hopping. It's staying where I am -- something I plan to do for a while -- that makes me think my salary will plateau.
110 weeks ago
 
TOP IDEA: Ray Pompon InfoSec defense is both an art and a science. But how much of an art and how much of a science depends on the practitioner's experience and training. http://assumebreach.blogspot.com/2009/10/art-and-science-of-infosec.html Actively working now to define this more.

114 weeks ago

 
TOP IDEA: Ray Pompon Vulnerability scanning and pen-testing services differ vastly. Special consideration needs to be taken before hiring a tester. http://assumebreach.blogspot.com/2008/11/what-is-good-pen-testing.html And ultimately, even their intended purpose may be compromised by the buyer http://assumebreach.blogspot.com/2009/10/why-do-pen-tests-suck.html

114 weeks ago

 
TOP IDEA: Ray Pompon Improvised Electronic Deception is a viable alternative to standard infosec passive "hunker down and take the punches" method of defense. http://www.iedtalk.com/

114 weeks ago

 
Ray Pompon Thought experiment from a colleague - This is a hypothetical – If I operate a store where you buy stuff and every time you use a CC, I perform a 1 way hash of the card # to reference a database and stuff the purchase info in, theoretically the only way to get the data for customer X from the database is to have their CC. Is there ANY PCI implication of associating the one-way hash with the purchase data, even if I include EVERY other PCI trigger (name, address)?

114 weeks ago from InfoSec Professionals

 
Ray Pompon I know it's career gold to give talks at conferences, but about 2/3's of the time, I'm asked to be on a panel. Frankly, I hate them. Never get to say anything relevant other than answering the inane question (or dodging it like a politician by not answering the question and injecting my own agenda). Then, having to listen to my fellow panelists wax idiotic on the topic I wanted to address. I'm thinking of politely declining being on panels (esp the disorganized ones) but is that a good idea?

124 weeks ago from Ask Penelope Trunk!

Penelope Trunk: I say no to all panels except to SXSW, which is always a fun place to do panels. I think you need to have a bigger goal than "speaker". Because first of all, it's an impossible lifestyle (in 2007 I traveled 45 weeks out of the year) and because it's sort of vacuous. I mean, if you are a full-time speaker then what are you speaking about? A life you used to lead, instead of what you're leading. Because you can't lead a life interesting enough to speak about if you are a full-time speaker.
124 weeks ago
Ray Pompon: Thanks Eric and Penelope. I'm feeling more confident about being selective now. Yes, speaking is to enhance my current career (information security) and company, not the end-goal. There are some kinds of speaking I enjoy (guest lecturing at the university) but some of the requests are just equipment vendors wanting me to fill out their conference ticket. I'm going to be more focused on results rather than just tallying up numbers.
124 weeks ago
 
Ray Pompon Rather than asplode a bunch of 2010 predictions, I thought I'd just focus on one big one with many facets http://assumebreach.blogspot.com/2009/12/everyone-else-is-doing-predicti...

125 weeks ago from InfoSec Professionals

Paul McGinley: Great post Ray. (In regards to number two:) As one in the physical security sector I can say that this has a huge potential for loss and damage in the physical world as well. Information gained in phishing attacks can easily be used to breach a physical perimeter as well as gain access to data in a virtual environment.
123 weeks ago
Ray Pompon: Thank you. Indeed, physical attacks are often a blind spot for most infosec folks. And blended attacks -> use cyber to enable a physical attack or vice-versa is a common avenue but often overlooked in assessments.
123 weeks ago
 
Penelope Trunk Warning. I'm about to do a very bad personal branding move. Do not try this at home.... I'm so sad today that I can't think straight. And I can't get any work done. But then I thought, well, maybe if I were chatting in my group then that would 1. distract me from being sad and 2. count as me working, since really, on some level, it is my job to be doing this group. I mean, even when we are talking about Lance's (questionable) dating tactics, it still counts as work for me. Is anyone there?

128 weeks ago from Ask Penelope Trunk!

B Maddigan: Dear Sister Penelope,

Besides a lot of guys Are real Turds...

They feel that women are like cattle or property

and think who cares I'll just get Another one

I feel that what Ruins a lot of relationships Is smothering

It's You & I, and You & I that's all

Familiarity Can/Does Breed contempt

The Best policy Is to Each have time with Your own friends

as well as with each other

Hmmm... sounds like a Plan :-)

128 weeks ago
Claire Veuthey: P- not sure you need to pick a set # of days. Take a few, then try to go in the office. If it's not working, leave. I find if work is busy it distracts me (thank god), but then something happens & I lose my shit. Week after week, though, I stay longer, get more done, & enjoy it more. I am so thankful my workplace is flexible enough that if I leave at 2pm, no-one bats an eye.
That said: I am so sorry. Obviously this doesn't in any way make YOU a less smart, witty, fun, desirable, loveable person.

128 weeks ago
 
Ray Pompon PCI mandated encryption is a farce - other than laptop encryption, how many people under PCI actually implement crypto for their applications that process PANs (ccard #s)? Most of what I see are "compensation controls" because crypto is too expensive to do. What's your take?

129 weeks ago from InfoSec Professionals

Dr. Anton Chuvakin: Yup, my point exactly: tokenization or simply not touching the data by using other technologies works wonders to PCI scope, cost, etc.
129 weeks ago
Ray Pompon: But what about those who cannot tokenize or remove the PANs from their applications because it breaks the business usefulness of the system? I've seen quite a few cases of large corps where it wasn't cost effective to alter the data in any way within the legacy app.
129 weeks ago
 
Ray Pompon Everyone loving the weather? It'll get better, trust me. Sometime around April.

131 weeks ago from Seattle Careerists

J. Kumm: Three big storms in four days this week?! This is a little crazy, but also a little exciting. What is your favorite way to spend a rainy weekend?
131 weeks ago
Ray Pompon: We've got a 2-year old, so rained in weekends are rough. Usually Children's Museum, Ikea, B&N - anywhere she can run around and blow off energy.
131 weeks ago
 
Lindsey Marshall Seattle is such a beautiful city! Just moved here from Chicago a few weeks ago.

134 weeks ago from Seattle Careerists

Raquel Elle Bell: Awe.. Lucky girl my little brother lives there and I miss him!
102 weeks ago
Jake DeVries: I'm over in Poulsbo. It's pretty over here and technically only 15 miles from downtown but it takes almost an hour and a half with the ferries!
102 weeks ago
Ray Pompon: Thanks to Anton Chuvakin blogging a link to this article, I've got some terrific feedback and comments going. I'm thinking of combining this idea with my deceptive defense talk (http://www.iedtalk.com/) and doing something more with it.
130 weeks ago
 
Ray Pompon Can we have group blogs? The tweets are too short and forums are too much. Group blogs could be moderated by creator & designated admins.

139 weeks ago from Brazen Community Feedback

Ray Pompon: Good idea, why propagate the Twitter SMS limitation on a web forum?
139 weeks ago
Ryan Paugh: Our thoughts exactly!
139 weeks ago
 
Ray Pompon How can there be two groups with the same name but created by different folks? Confusing.

139 weeks ago from Brazen Community Feedback

Ryan Paugh: You're right about that. It's confusing. We're working on improving groups. In the meantime we are merging duplicates w/ owner's permission.
139 weeks ago
 
Ray Pompon Culling through about a half decade of my talks, I decided to dig up some more exclusive content for this forum.

139 weeks ago from InfoSec Professionals

Ray Pompon: And websense is blocking access? Interesting.
139 weeks ago
Kevin Durbin: Not specifically your sites/links, just computer/network security words in general; we are a lower-tier site, but still are IS/IT so not good
139 weeks ago
 
GenerationXpert Suzanne Kart This question is for the members of this group - I'm curious what are your 9/11 memories - you must have been pretty young...

141 weeks ago from Ask Penelope Trunk!

Eric Schittulli: I was 19 and I'm French. I was working at home with the TV on. The first thought was it's a movie. It took 5 min to realize that was the news.
139 weeks ago
Jacqueline Mason: The US has been at war for almost my entire adult life. :(
138 weeks ago
Interests
Literature, Web Comics, Sustainability issues
Favorite Quote
if you throw a white glove in a mud puddle, it doesn't make the puddle any glovier.
Specialties
Information security, Network perimeter architecture, Management and Consulting, Technical consultant for Federal law enforcement

Fans (7)

Kim Schneider
Ryan Paugh
Susan Jett
J. Kumm
Bill Wildprett
Chirag Desai
Neeraj Bhushan

Following (2)

Dr. Anton Chuvakin
Penelope Trunk