I know this world runs on money, but like… c’mon man, I just wanna ask a few simple questions…
Post on news.ycombinator.com
There is one such expert that posts frequently
depends, are the questions any interesting? :p
Why don’t you post your questions here and let us nerds argue about them
^
Lot of cybersec folk on the fediverse. Hell I’m technically a certified cybersec person (very entry level, SEC+). Last certmaster course i went through for renewal was very heavy on the legal/corporate/paperwork side of things and i kinda hated it tbh
I’m sorry, but OP needs actual infosec experts who would lose money by teaching them; not low-budget infosec chumps like us who waste their cheap time in the Internet.
don’t ask to ask, just ask
There are a couple of cybersecurity communities in the fediverse. You can try posting your questions there. Like [email protected]
What do you do for a living? Can I call you for free [whatever you do for a living]?
Just ask your question.
Stay at home dad. Ask me anything about nappies.
I’m dying 😂. This is the most ‘Fediverse’ post and comments I’ve seen yet.
The post is a bit more reddit, or Yahoo Answers, than fediverse
The replies though, lol yeah bang on mate
A lot of cybersecurity experts have already put a lot of free information online.
Use a password manager, unique passwords. this video is good for phishing training.
Fuck passwords, use proper MFA.
Phishing training is good though.
I have yet to encounter mfa where not one of the factors is a password.
Fingerprint with an RFID badge is MFA with no passwords.
Something you have and something you are is the most expensive MFA combination, which is why it isn’t common.
Fingerprint + Authenticator as well.
If its an authenticator app, then its password based, as ultimately the password or pin is needed to unlock the phone.
If its a standalone authenticator device, then yes thats MFA. But like I said, its the most expensive option since you would have to purchase devices.
There’s plenty of cybersecurity nerds on Mastodon, I recommend https://cyberplace.social/@GossiTheDog for quality research and equal amounts of shit posting.
You get what you pay for. Sometimes you get more than you pay for, sometimes you can get lots for free, but you’ll never get a guarantee. If you want anything resembling a guarantee, you have to pay.
You sound like you want guaranteed advice, but for free. That isn’t going to happen.
If you want non-guaranteed advice, just ask anywhere on the internet, like here for example. You’ll get lots of answers, none of them guaranteed, but some of them quite possibly very correct. Is that worth the price of “free”? It should be.
I’m very early numbers CISSP, but I doubt I’d be helpful unless your question is more geared to policy and procedure.
Lemmy is a good choice but you can also try Mastodon. Maybe the noc.social instance.
The simple answer is probably no, because even where those experts aren’t driven solely by the pursuit of money – as in, they might actually want to improve the state of the art, protect people from harm, prevent the encroachment of the surveillance state, etc… – they are still only human. And that means they have only so much time on this blue earth. If they spend their time answering simple questions that could have been found on the first page of a web search, that’s taking time away from other pursuits in the field.
Necessarily then, don’t be surprised if some experts ask for a minimum consultation fee, as a way to weed out the trivial stuff. If nothing else, if their labor is to have any meaning at all when they do their work professionally, they must value it consistently as a non-zero quantity. Do not demand that people value their labor at zero.
With that out of the way, if you do have a question that can’t be answered by searching existing literature or the web, then the next best is to ask in an informal forum, like here on Lemmy. Worst case is that no one else knows. But best case is that someone works in the field and is bored on their lunch break, so they’ll help point you in the right direction. They may even connect you to a recognized expert, if the question is interesting enough.
Above all, what you absolutely must not do is something like emailing a public mailing list for cryptography experts, gathered to examine the requirements of internet security, to look at your handmade data encryption scheme, which is so faulty that it causes third-party embarrassment when read a decade later.
You were in fact lucky that they paid any attention at all to your proposal, and they’ve already given you many hundreds if not thousands of dollars worth of free consultancy between them
Don’t be the person that causes someone to be have to write this.
Yes
