Infosec Engineer AMA - eviltoast

Hello! My name is Mike and I am an infosec engineer with 10+ years of experience. I’ve worked in GRC, Vulnerability Management, PenTesting & AppSec. I have 17 SANS certs (I have a serious problem) and I’m also an infosec community enthusiast and creator/mod for /c/cybersecurity. AMA!

  • PenguinCoder@beehaw.org
    1 year ago

    Did you pay for all those SANS certs yourself, or did the company foot the bill?

    What’s been the most memorable incident or PenTest finding?

    • shellsharks@infosec.pubOPM
      1 year ago

      I’d be either very broke or have to be very rich to have paid for all of those haha. Fortunately, I worked for a company that had a very generous training allotment. I’ve also managed to take quite a few entirely free by being part of their vTA (virtual TA) community, whereby I help instructors throughout the week of the course with student questions, lab setup, etc…

      I can’t go into too much detail on vulns specifically but I’ve found a number of high impact vulns in public-facing websites for companies I have worked for as well as one vuln in a popular proxy appliance that I should have submitted a CVE for but never did at the time.

      • PenguinCoder@beehaw.org
        1 year ago

        We may have crossed paths if you TA for SANS… Pretty sure I know some other details for that proxy appliance vuln, or maybe it’s just a real common vector.