Web: https://www.reddit.com/r/cybersecurity/comments/11vkj8l/samples_requested_badoutrageous_security/

March 19, 2023, 12:48 p.m. | /u/patrakov

cybersecurity www.reddit.com

It is not a secret that some technical security controls in various checklists are quite vague and are interpreted differently by different auditors - sometimes incompetently or even maliciously.

In this thread, I would like to collect some real-world technical requests that you have received during cybersecurity audits (any kind of internal or external audit will do), that the auditors wanted you to apply to Linux or other UNIX-like servers, but that were disagreeable for any of the following reasons: …

bad cybersecurity requirements security

Azure DevSecOps - Solution Architect

@ Citizant | Chantilly, VA, United States

Cybersecurity Champion

@ NielsenIQ | Chicago, IL, United States

Senior Information Security Analyst

@ QAD, Inc. | Wroclaw, Poland

VP, Information Security

@ TrueAccord | Remote

DevSecOps Engineer- (100%) ( w/m/d) - Valbonne - Hybrid Work

@ SMG Swiss Marketplace Group | Valbonne, France

Information Security Director - Attack Surface Management (100% US REMOTE)

@ Experian | Allen, TX, United States

Director - Cybersecurity and Compliance

@ Visa | Foster City, CA, United States

Senior Threat Analyst | Remote, USA

@ Optiv | Kansas City, MO

Senior Consultant (m/w/d) - Identity & Access Management

@ Infosys Consulting - Europe | Frankfurt, Hessen, Germany

Associate Cybersecurity Analyst - SOC

@ Visa | Ashburn, VA, United States

Security Operations Networks Engineer - Hybrid Working

@ NECSWS | Nottingham, United Kingdom

Senior Application Security Engineer

@ Netcompany-Intrasoft | Athens, Greece