Blue Team positions, junior or senior. There’s no shortage of decent penetration testers, but when it comes to the other side, whether it’s incident response, detection engineering, security operations, etc., it’s been very difficult.
I’m talking months to find someone. Many candidates apply and look good on paper but turn out to just lie and make us waste many hours of interviews.
As for the why, I suspect one of the following:
- good candidates already have a job they love
- people are not willing to relocate (job is remote but inside one of the countries we are operating in, which is 80)
- there are simply not enough people in the field, which goes back to my first point
My view on this is that, unfortunately, blue team positions are seen as entry positions. In general blue team members have little autonomy. They don't choose the suite of tools or protocols, and have little mandate in a company to change a single thing since they're a cost centre.
The job is frustrating because many SOCs are beholden to central IT to fix even high severity issues, and this generates a lot of friction. Most organizations have a big feed of alerts that trigger on everything from ransomware to a user plugging in a Razer mouse... This makes the job frustrating and boring. Contrast this to red team positions. If they're lucky they get to cowboy all through the network, never asking permission after initial sign-off. And why would they? Nobody spots what they're doing anyway, as long as you don't create problems in prod.
Those are very valid points. I had not thought of them. However, what you describe here really is not the reality of our team but I agree it’s the case in most places.
I work for a large multi-national in the entertainment industry with a really good work culture. We leave a lot of autonomy (we in fact expect people to become autonomous) and trust that we all know how to do our job. It has been very rewarding so far.
On the technical side, very few of our positions are entry level, some are but most are more advanced.
For example, we reached a maturity level where we don’t only build detections but also build unit tests for them, either by making our own payloads or by using and contributing to projects like Atomic Red Team. This requires excellent knowledge of OS internals, cloud security, system programming, etc.
Your comment makes me think we should try to reflect all of this in the job description to make the positions more appealing. There might be good candidates out there hesitating, thinking it’ll be like life in an MSSP SOC.
> My view on this is that, unfortunately, blue team positions are seen as entry positions. In general blue team members have little autonomy. They don't choose the suite of tools or protocols, and have little mandate in a company to change a single thing since they're a cost centre.
And companies looking for experienced people somehow expect the pipeline of candidates, who often come from such a typical environment, to have all kinds of advanced skills already. Which obviously doesn't work, and thus they compete for the same small-ish talent pool (which has skills also applicable in plenty of other roles) instead of building that pool.
Unlikely to switch careers as I am an SWE already, but for my own learning, how does one learn the blue team side? Any recommended courses? I see far more penetration testing material out there.
If you don’t want to start in a junior position such as triaging, aim for things like detection engineering by learning OS internals (Windows or Linux), then also aim to learn the Win32 API. There are also lots of SOC and Blue Teams doing automation and orchestration where your existing skills could be handy.
Macros are less commonly used as an attack vector for initial access nowadays. Sure, they’ll make it harder for macros, but it is still possible to run a one-click attack by attaching a js, jse, hta, paf, ws, wsf, scr, etc. to an email.
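The comment above lists attachment types that Windows will execute or hand to a script host on a single click. As an added example (not part of the original thread), here is a small mail-gateway style attachment triage that classifies filenames by their effective extension, catches double extensions such as `invoice.pdf.js`, and flags archives for inspection. The extension set starts from the ones named in the comment (js, jse, hta, ws, wsf, scr); exe, vbs, vbe, cmd, bat, pif and lnk are added here as further well-known examples, and the sample filenames are constructed.

```python
from dataclasses import dataclass
from typing import Iterable

# Extension types Windows executes directly or via a script host on one click.
# js, jse, hta, ws, wsf, scr come from the comment above; the rest are added
# here as further well-known examples (assumption: your gateway policy may differ).
EXECUTABLE_EXTENSIONS = frozenset({
    "js", "jse", "hta", "ws", "wsf", "scr",
    "exe", "vbs", "vbe", "cmd", "bat", "pif", "lnk",
})

# Container formats a filter should open and inspect rather than pass through.
ARCHIVE_EXTENSIONS = frozenset({"zip", "7z", "rar", "iso", "img"})


@dataclass(frozen=True)
class Verdict:
    filename: str
    action: str      # "block", "inspect" or "allow"
    reason: str


def _extensions(filename: str) -> list:
    """All dot-separated suffixes, lower-cased: 'a.pdf.js' -> ['pdf', 'js'].
    Trailing spaces and dots are stripped first, since they are a common
    trick to disguise the real extension in a mail client listing."""
    name = filename.strip().rstrip(".")
    parts = name.split(".")
    return [p.lower() for p in parts[1:]] if len(parts) > 1 else []


def classify_attachment(filename: str) -> Verdict:
    """Decide what to do with one attachment based on its effective extension."""
    exts = _extensions(filename)
    if not exts:
        # No extension at all: cannot tell what it is, let a deeper scanner decide.
        return Verdict(filename, "inspect", "no extension")
    last = exts[-1]
    if last in EXECUTABLE_EXTENSIONS:
        if len(exts) > 1:
            return Verdict(filename, "block",
                           f"executable .{last} hidden behind .{exts[-2]}")
        return Verdict(filename, "block", f"executable attachment type .{last}")
    if last in ARCHIVE_EXTENSIONS:
        return Verdict(filename, "inspect", f"archive .{last} may contain executable content")
    return Verdict(filename, "allow", f".{last} is not an executable type")


def triage(filenames: Iterable[str]) -> dict:
    """Group a batch of attachment names by the action taken."""
    out = {"block": [], "inspect": [], "allow": []}
    for name in filenames:
        out[classify_attachment(name).action].append(name)
    return out


if __name__ == "__main__":
    # Constructed sample attachment names, not taken from any real mail flow.
    SAMPLE = ["invoice.pdf", "invoice.pdf.js", "scan_0042.HTA",
              "report.zip", "README", "notes.txt."]
    for name in SAMPLE:
        v = classify_attachment(name)
        print(f"{v.action:8} {v.filename:18} {v.reason}")
```

The verdicts are deliberately coarse: anything that is executable by extension is blocked regardless of what precedes it, archives go to a second-stage scanner, and everything else is allowed only by extension, which is why a real gateway should still check the file's magic bytes.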
I had the same feeling about iCloud before I had a Mac and just an iPhone, but now that I have a Mac and that there are features such as “Sign-in with Apple” and “Hide My Email”, I can’t imagine living without it. Apple Books is also a great eReader for PDFs and ePubs on macOS and iPad/iPhone which provides syncing across all devices. Not just the books themselves but also the chapters you’re at, bookmarks, notes, etc.
I suggest revisiting and if it’s not for you, that’s fine. But otherwise, yeah never sign-in with Apple.
At least they are not aggressive about it, unlike Windows 10 or even 11 Home which doesn’t even allow local accounts.
Apple Books also syncs position in your own epubs, unlike my new Kobo Sage which’ll only sync reading position in books you’ve bought from Kobo. I still love my Kobo Sage and feel like managing my library with Calibre is better than Apple Books. But the iCloud syncing experience with Apple Books is clearly superior. People give Apple a lot of shit for their built-in apps not being great (which is a good argument against them having a monopoly on iOS) but at least they nailed Books syncing.
Apple Books sends what you're reading, and how often, and when (and approximately where, via client geoip) along with your unchangeable device hardware serial number to Apple.
Remember when librarians basically revolted because the Patriot Act let the feds get library borrowing records without a warrant? Apple's Books app is several times worse. It's nonconsensual spyware, even if you use only your own local files and never engage in trade with Apple for ebooks.
iCloud enables the (effectively unencrypted) iCloud Backup automatically on iOS, which sends a complete effectively unencrypted copy of almost everything on your device to Apple every night when charging.
Apple can decrypt the entire thing without you, your password, or your device. They do this when they receive a warrant, and they do this 20,000+ times a year for warrantless requests (no probable cause) from the USG, too. This includes all your photos (effectively unencrypted) and all your iMessages and attachments. Nothing really important on your iPhone is private from Apple.
Also, if your cc fails for whatever reason, you will get locked out of your Apple ID, and won't be able to log in to or use any of the services you use Sign in with Apple on.
A bit of a tangent, but I'm not a big fan of Snaps (or Flatpaks for that matter). Whenever I tried to use them, I ran into issues as soon as I needed to make some changes in the configuration.
Take Firefox on the latest Ubuntu for example, it installs as a Snap. Unlike the APT package (or any other package manager) version, the usual ~/.mozilla/ directory changed location. This broke some of my customization scripts and other people's scripts I'm using such as https://github.com/black7375/Firefox-UI-Fix
I would really, really like it if both Flatpaks and Snaps could keep the usual programs' config directories. Then I would likely use them often because they have big advantages (especially Flatpaks) over package managers, especially for dependencies.
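The breakage described above comes from customization scripts that hard-code `~/.mozilla/`. As an added example (not part of the original thread or of any of the projects mentioned), the helper below resolves the Firefox profile directory for each packaging by checking the deb/tarball, Snap (`~/snap/firefox/common/.mozilla/firefox`) and Flatpak (`~/.var/app/org.mozilla.firefox/.mozilla/firefox`) locations and reading `profiles.ini` to find the default profile, which is what a script that drops a hardened `user.js` needs before writing anything. The `profiles.ini` contents in the block are constructed samples; the `[Install...]` section hash is made up.

```python
from configparser import ConfigParser
from pathlib import Path
from typing import Optional, Union

# Where each packaging of Firefox keeps its profile root, relative to $HOME.
PACKAGING_ROOTS = {
    "deb/tarball": Path(".mozilla/firefox"),
    "snap":        Path("snap/firefox/common/.mozilla/firefox"),
    "flatpak":     Path(".var/app/org.mozilla.firefox/.mozilla/firefox"),
}

# Constructed sample profiles.ini (the Install section hash is invented):
# current Firefox records the default profile in an [Install<hash>] section.
SAMPLE_PROFILES_INI = """\
[Install4F96D1932A9F858E]
Default=abcd1234.default-release
Locked=1

[Profile0]
Name=default-release
IsRelative=1
Path=abcd1234.default-release

[General]
StartWithLastProfile=1
Version=2
"""


def candidate_profile_roots(home: Union[str, Path]) -> dict:
    """Map packaging name -> absolute profile root under the given home."""
    home = Path(home)
    return {name: home / rel for name, rel in PACKAGING_ROOTS.items()}


def installed_profile_roots(home: Union[str, Path]) -> dict:
    """Keep only roots that have a profiles.ini, i.e. packagings actually in use."""
    return {n: p for n, p in candidate_profile_roots(home).items()
            if (p / "profiles.ini").is_file()}


def default_profile_from_ini(ini_text: str) -> Optional[str]:
    """Relative path of the default profile from a profiles.ini body.
    Prefers the [Install...] Default key; falls back to the older
    Default=1 marker inside a [ProfileN] section."""
    cp = ConfigParser(interpolation=None)
    cp.optionxform = str          # keep key case ("Default", "Path")
    cp.read_string(ini_text)
    for section in cp.sections():
        if section.startswith("Install") and cp.has_option(section, "Default"):
            return cp.get(section, "Default")
    for section in cp.sections():
        if section.startswith("Profile") and cp.get(section, "Default", fallback="0") == "1":
            return cp.get(section, "Path")
    return None


def locate_default_profiles(home: Union[str, Path]) -> dict:
    """Resolve the default profile directory for every installed packaging."""
    found = {}
    for name, root in installed_profile_roots(home).items():
        rel = default_profile_from_ini((root / "profiles.ini").read_text())
        if rel is not None:
            found[name] = root / rel
    return found


if __name__ == "__main__":
    print("sample ini default profile:", default_profile_from_ini(SAMPLE_PROFILES_INI))
    for name, path in locate_default_profiles(Path.home()).items():
        print(f"{name:12} {path}")
```

A customization script would call `locate_default_profiles(Path.home())` and write into every returned directory rather than assuming one; if the Snap and deb versions are both installed they have separate profiles, and a `user.js` dropped into only one of them silently leaves the other unhardened.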
I kinda like that flatpak forces application created files to end up in a predictable place. Firefox, like plenty of applications, was doing its own thing despite XDG conventions (~/.config etc and associated env vars) being 20 or so years old, now everything is in ~/.var/app, plus flatpak knows if it belongs to an installed application or not.
Although I would have preferred if the hierarchy was reversed, so instead of having ~/.var/app/<app>/{cache,config,data} for each application, I could have all files of a category in the same place so as to be able to manage them more easily (say remove all the cache, version all the config), like it is now for the applications that respect XDG dirs.
Yeah kinda, but at least it's not every application doing its own thing, it's the thing that runs applications, so assuming you only run sandboxed flatpak stuff, you end up with only one thing.
> But the subjects all lost weight even before they cut out carbs. Taubes contended that was because the standard diet didn’t have enough refined sugary beverages to depict average American consumption.
Doses used in the Mayo Clinic trial were about 1.5g to 2g for humans, 5 days per month, iirc. Also keep in mind that if you are young and healthy you won’t notice much, and it’s the kind of treatment, like most, that is long-term, meaning you can’t do it for 3 months and expect results.
There are many imminent aging therapies in clinical trials or upcoming, though. Not saying it will reverse it but it may slow it down and compress the morbidity period. Such therapies include the promising Mayo Clinic trial on using large doses of Fisetin to get rid of senescent cells, or similarly Dasatinib + Quercetin, gene therapy like PGC-1a for maintaining muscle mass in older age, epigenetic reprogramming, mTOR inhibitors like Sirolimus or other rapalogues, etc.
So it’s very likely that some of the advances we see today that are still in clinical stage will hit the market in 5 to 15 years.
Lower than this. If I use the AOT compile option with .NET Core 3.1 I get a 40MB binary which goes down to 10MB with the trim option.
Just like Go, which embeds its runtime, a .NET Core binary compiled with AOT embeds the CLR but, unlike Go, it has options to trim out the pieces that aren’t necessary, which I really like.
I think this is one of those features that was a bit of a preview in 5 and you should use the just-released v6 for PublishTrimmed. There are also situations where it doesn't work out of the box (e.g. WinUI 3!)
If we consider that most people are possibly deficient in Vitamin D, then it’s not surprising to see. That really doesn’t tell us anything. Or do I misunderstand?
Also, out of curiosity, is there any conclusive evidence that supplementing Vitamin D is beneficial for anything? I’m taking it as recommended by my doctor but I’m wondering.
I did but I’m not a scientist and I don’t know how to interpret the full study either. I’m asking a legitimate question based on the abstract. I’m trying to understand something and I get downvoted instead.
I thought the abstract was pretty readable. There have been many articles on this and the site as well.
HN has a weird philosophy and has always been downvote happy. Wouldn’t take it personally, think of people trying to get the best comments to the top, and have limited tools. Still, when HN is good it’s the best.
Rereading your comment it kinda has a “please do my homework” vibe.