|
|
|
|
|
|
by nanocode
810 days ago
|
|
|
>If I'm honest, most security engineers suck. 90% are crappy IT Admins or Compliance Monkeys who did CISSP and maybe worked for PWC or an MDR for 1-2 years and don't know the difference between NFTables and NTFS As a security engineer, I agree. I hang up and work with really skilled people, so sometimes I'm shocked when I work with a client's it security engineer and they barely know how to use a terminal. Sometimes don't even have a way (or skill) to use SSH. Not to mention that I code/script every day, and most "standard" big company security engineers just use ready made tools. Sorry for the rant. >I don't give a rat's ass that you like using Mosh or xyz project on GitHub (not trying to pick on Mosh).
>I don't care that you feel restricted by having to use MacOS laptops and SSHing into a CoLo protected behind ZPA when you'd rather use ArchLinux on your work laptop. I somehow agree with your examples, but not sure if I agree with the overall idea behind your messages (as written). People have different workflows, and forcing everyone to the same mediocre one will just hurt productivity. Of course there need to be standards, but if people feel restricted by having jump through hoops on unfamiliar operating systems and spend a lot of time and frustration fighting them... Then they're probably right. You should listen and give way more than rat's ass to engineers problems. |
|
|
I completely agree with you!
I think all us people in the cybersecurity space are cranky ;)
But it also brings up a good point. I feel bad quality User Experience is a critical cause for bugs and misconfigurations. And UX isn't just "look pretty" - it's about optimized and simplified workflows.
> most "standard" big company security engineers just use ready made tools
I've worked for vendors and have funded vendors, so I might be biased, but ready-made tools can be helpful.
The issue is if you are using tools without understanding the underlying architecture or design of your platform.
If you're just a script-monkey and only concentrating on the what, security automation is going to take your job away (and is already in the pipeline in the IR world as we speak)
> Sorry for the rant
No worries. You yourself replied to my rant XD