I think my smallest nuc, when I was running proxmox, had 24 gigs with four cores and I was able to get ~4 ubuntu servers running at the same time. Or like 1 Windows 2012 R2 and a couple ubuntu servers. YMMV definitely and worthwhile tuning/building an image that is stripped down

@shellsharks@infosec.pub Sorry, was offline for a few days! Not really sure what I'm looking for, honestly? Mostly someone to kind of push me for doing more/exploring more? I'd like to focus in on AI security as well as container security and I know I can start that work on my own -- I just know it's easier/more likely for me to do things if I have someone filling in the blanks on things I don't know that I don't know. I'll start with those there (been following She Hacks Purple and InfoSec Sherpa for a bit) and see if any long hanging fruit shakes lose from the tree, thanks again!

write_that_down.jpeg

This is amazing info, thank you! So I have a BS in comp sci and applied math but all my experience is from ~10 years in different roles in IT from helpdesk to now cloud engineering/devops. I've had been doing some CTF's and Juice Shop for a bit but fell off because things got busy (as they always do). Lately I've been looking at reversing DRM for old shareware games just to get more familiar with the concepts but it's been mostly looking rather than doing so far lol. What I really want to get better at are namely two things:

• Container security and exploiting it
• Getting better at understanding how things work at lower levels to be better at reverse engineering

Really appreciate the insight and hope that everything goes well with your plans!

That makes sense, thanks! Have you ever hired a mentor before? I imagine it'd be a lot like hiring a coach but how would you know that they're not just being kind of a "yes man" or at the very least kind of reputable?

General question but how do y'all actually find a mentor? I feel like there's probably a local group nearby me or something that I could look into but are there places/people that are more likely to say "yes, I will mentor you" in y'all's experience?

Browser only (firefox) on my laptop

I mean, fuck Reagan -- he's the reason why we're in this mess in the first place.

https://theintercept.com/2022/08/25/student-loans-debt-reagan/

Yeah, I would still be using mullvad if they hadn't removed port forwarding -- it's too damn bad but I get why they needed it. Switched to Proton but I imagine they'll run into the same issue down the road and will need to find a more permanent solution.

Awesome! I really appreciate your help and will absolutely start going through this and what my resume looks like.

Also, right?! How is it that in an industry that has a deficit of security personnel in it already is so damn hard to break into?!

I'm not sure if this is the right venue for this question so please let me know if that is the case -- happy to ask elsewhere!

I've been in various IT roles for the past 10 years and seem to have gotten stuck in a support capacity. My career goal is to be more of a DevSecOps or Security Engineering role but I honestly can't get the time of day with an interviewer. I've got experience with programming, cloud infrastructure, web application security, and am currently going for my CKA but I don't have a ton of experience "on paper". Most of my experience is either me doing things myself to further my knowledge or taking on security things within my current role -- for ex. in one support role I did a web application penetration test to make sure there weren't any gaping holes before we deployed it.

How can I make sure that I have the right experience down on paper for when I'm applying to roles? Has anyone here "broken out" of a support role into security? What was your experience with it? I also have a lot of interest in doing research work and I know this can dovetail with the two roles I listed above but maybe I need to focus on the core ideas of those roles more?

I mean, that's just how everyone looks like after 3 hours of talking to a rubber duck, right?

I did not know that was a show and now I can not un-know it lol. Feel like that is going to be a risky search at 1 in the morning.

I use Miniflux and I've actually had luck just putting the channel url like youtube[.]com/channel/CHANNEL_NAME_HERE and the rss feed populates from there!

Glad it helped! Happy reading!

Oh one suggestion for external access that I have is Tailscale -- it's a dead simple wireguard VPN. You don't need to do any kind of port forwarding or configuration, you literally just install the binary and run it. It even has support for custom domains so if you have a website, you could set your jellyfin server as a tailscale only subdomain. 10/10 recommend

No worries at all! So I use Miniflux as my RSS reader but there TONS of different ones -- some open source, some freemium, some premium and closed source. Even VLC and Thunderbird can be used for keeping track of RSS feeds! For that front, I'd just search and give a couple a try -- find which one suits your needs best. I used FreshRSS before making the switch to Miniflux but there are hosted options like Feedly.

In terms of finding things to read via RSS, you've got a ton of options there too! There's a lot of open RSS feeds out there that just aren't advertised. A few that I have are:

• I think all youtube channels (stackoverflow post) have the option for RSS. You can go about it the way outlined in that post but I've found using https://youtube[.]com/channel/CHANNEL_NAME_HERE is good enough if I want to sub to every video of a channel
• A lot of smaller blogs -- most wordpress sites actually have a default rss feed that gets created unless you actively disable it
• Substack news letters/blogs for folks that I follow have this support built in
• I actually found out yesterday how to subscribe to both my Lemmy inbox and all the subscribed communities that I'm in to get those over RSS (there's a little RSS feed icon next to the drop down filters for the latter)
• I use hnrss for hackernews since they don't have a direct rss feed you can subscribe to. Lobste.rs at least does have the ability to subscribe to multiple "subreddits"/"communities"/what have you and be able to filter things out -- otherwise it gets really noisy
• There's a couple of folks that I follow on Twitter via Nitter that supports RSS (how to guide but since bird site is such a cess pool, might reconsider some of these.
• I live in a fire prone area so I also subscribe to some of NOAA's RSS feeds in case my family needs to evacuate
• You can even pull various subreddits over rss if you're still using reddit for somethings. The one thing that I loved about using these rss feeds is that you could group subreddits together into one rss feed and just have that but I imagine this will change with the API changes
• This doesn't even include all the podcasts since the way they're distributed is built on-top of RSS feeds!

The one big problem with RSS is that there really isn't a good way to find other RSS feeds -- or at least I haven't found a good way, ha! Typically, I'll get linked to a site from hackernews, lobsters, here, wherever. If I like their stuff, I'll just paste their URL into Miniflux to see if they have an RSS feed and subscribe from there. I really wish that there was a recommendation list of good rss feeds but honestly, sometimes the best way is word of mouth? Hope this helps!

Edit: Put brackets around the youtube link so that it doesn't turn into an actual link

Awesome! I really appreciate the recommendations -- going to have to give these a test!

Honestly, it took a little while because I was learning a lot of it on the fly. If I had to put a hard number on it, maybe like a week of actual work with tuning and permissions but a lot more time in terms f reading how things should all plug in together. Right now, if I had to set it up, maybe an hour of actual work? But that's because I know how to write a docker compose file, how to tunnel the traffic through a vpn in a docker container, how volume mounts work, etc. etc.

It's really intimidating to start with but there's a fair number of really good guides on the internet for basic setups. I kind of started it one thing at a time -- set up a docker container for jellyfin to point to my existing media, then setup Sonarr to manage only the TV shows, then this one, then that one, yadda yadda. Incrementally doing it is really the way to go so you can test what works, what breaks, and what is actually something that you need.

I honestly love having all my stuff self-hosted -- lemmy is one of maybe three websites that I actually visit rather than having an rss feed send me the info. If anyone is curious, I'm more than happy to go into my setup a bit further but here's the tl;dr on it:

• I run all docker containers in Portainer so I can view all my container health in one spot. The only thing that is not containerized is a raspberry pi running PiHole to block ads across the whole network
• I have Jellyfin as my media server pointed to a shared network drive. Jellyfin gets all of its movie, tv, music, and book information from Sonarr, Radarr, Lidarr, and Readarr. They in turn are able to download things from Prowlarr which connects to usenet and ahem other sites for media
• I run backups to a backblaze bucket from Duplicati and sync all files across multiple devices to backup from Syncthing -- this handles my phone, my laptop, my server
• I have an RSS aggregator with Miniflux so that all the sites that I actually care about come to me rather than me having to check their pages for an update. If I find an article that I want to read for later, I send it to Wallabag -- an opensource version of pocket
• I also host multiple databases on the server and connect them all, as well as remote databases with Trino for running sql queries on projects I'm working on
• My latest project I'm working on is feeding articles from Wallabag to a TTS engine and creating a selfhosted podcast just for me

All of this runs on an Intel NUC that isn't anything super heavy and you don't really have to do anything big or complicated like this either -- just find a thread that looks interesting and pull on it, rinse, and repeat!

Seriously! I ended up blocking reddit and its subdomains with my pihole so that I'd stop clicking on things from google searches.