Or, “What I’ve Been Doing Instead of Writing Shit” I haven’t written anything on this blog in… a little while. So what better way to get back to that than explaining what I’ve been doing for the past uhhh 4? 5? months :D job In case anyone missed it, I started a grad role/paid internship-type vibes role at [redacted] as a “Cyber Security Analyst”, which if you base yourself off r/sysadmin or other similar places is literally made up and/or Bad.

Or, Oh my god stop using CVSS for everything So anyway, CVSS is pretty bad and 4.0 partly kinda redeems it a little. Let’s talk about why that is and why vulnerability management is widely just… broken. 🙂 Also, I’m assuming you either know the basics of this topic or you have access to [favourite search engine] 😉 But everyone uses CVSS? Must be good, right? The simple answer is, just because something is widely used doesn’t mean it’s good.

Or, If I See One More Snowden LARPer I WILL Cry I really should stop letting people live in my head rent free but if I did you would stop getting spicy blog posts from me, so… Anyway, threat models and risk measurement, eh? A disclosure I guess? I’m going to base this on the knowledge gained through my degree and what I’ve seen online. Anything that may be related to employment I hold will not be discussed here because that would be unethical :)