My Blog


LinkedIn Sucks (7/6/2025)

LinkedIn is a great platform for jobs, right? Right?


I was reviewing my rejection emails from LinkedIn and then checked my applied jobs and noticed I am not receiving any response from some of these companies. I want to take a deeper look to see who the GHOSTS are.

I crunched the data on the jobs I applied to from December 27th, 2024 to June 26th, 2025 using this popular platform. My results are a joke!
 
Jobs Applied: 544
Jobs Ghosted: 358 (over 30 days with no response.)
Jobs Waiting: 22 (under 30 days and waiting for a response.)
Jobs Responded: 164 (That's good news, right?)
 

The UGLY (You ain't got no alibi!): 234 companies that ghosted me.
The Bad: 9. They might respond to you. (under 50%)
The Decent: 19. They should respond to you. (over 50%)
The GOOD: 108. They have responded each time. (100%)
 

Now if I can only master the ATS systems for these good companies, as some are very aggressive and denied me in an average of 3 days. Several were same-day.

Let's get to the data and see the updated results since July 1st, 2025.
 
View My LinkedIn Job Data
 
Why does LinkedIn suck? They know who the ghost companies are but are getting paid by them. Plus, people will keep coming back looking for work and LinkedIn knows their site will be ghosted when someone gains employment. It's a vicious ghosting cycle and profits are top priority.

BCWHS Guidance with Security Controls (6/26/2025)

Here are the current ways to help you answer controls with the framework plans currently at BCWHS.

Microsoft Remediations: Microsoft Secure Plan
Windows PowerShell: Microsoft Secure Plan
CVE Plan
D3FEND: NIST 800-53 Plan
ATT&CK: CVE / NIST 800-53 / CRI plans
BCWHS Hint: All Plans
Open AI *: All Plans
Google Gemini *: All Plans

* Your OpenAI and Google Gemini API information. BCWHS encrypts this data at rest. *
 
BCWHS.com

MITRE ATT&CK & Cyber Risk Institute Mapping (6/25/2025)

When I get started on something new, I just keep on going until I get bored with it or have finished as many processes as I can. When I was going on an API kick, I connected to as many platforms as I had access to. Now, I have been mapping MITRE ATT&CK with as many security frameworks as I have within my BCWHS application.

First it was mapping with CISA's CVEs. Then I moved onto mapping to NIST 800-53 and now I have uploaded the Cyber Risk Institute framework (318 controls) and added the mapping for MITRE.


The mapping was fairly straightforward and I managed to knock it out in a few hours. I am coming to the realization that mapping frameworks to MITRE is a tough one to dig through (easier to program), as there are controls that map to hundreds of MITRE ATT&CK capability groups, which expands the rabbit hole to new levels.

This is why I am a bigger fan of creating your own proprietary framework where you can pick and choose controls that match your organizational risk appetite.

I might plan on mapping Azure and M365 by next weekend...maybe.
 
BCWHS.com

MITRE ATT&CK & NIST 800-53 Mapping (6/23/2025)

Over the weekend, I had plans to map MITRE ATT&CK to CISA CVEs, NIST 800-53, Azure and M365. I knew the task was going to be challenging. I knocked out the mapping for CISA and MITRE but have a few minor details to conquer with NIST 800-53.

I have finally conquered them. In all, 33,579 mappings have been magically connected between MITRE ATT&CK and NIST 800-53.
The next step is to tie the CVEs and NIST mappings with MITRE back to the GRC plans for additional help with answering these controls.


I still plan on mapping Azure and M365 by next weekend.
 
BCWHS.com

MITRE ATT&CK & CISA CVE Mapping (6/22/2025)

Over the weekend, I had plans to map MITRE ATT&CK to CISA CVEs, NIST 800-53, Azure and M365. I knew the task was going to be challenging. I knocked out the mapping for CISA and MITRE within a few hours but am currently stuck on 800-53 with a few minor details to conquer.

I have a connection established with CISA's CVE JSON and recently figured out the complexity of using MITRE ATT&CK's TAXII API to gather the data I need from both to map them together. But how do I map them together?

This led me to another JSON from The Center for Threat-Informed Defense Mappings Explorer. Their JSON allows me to map them together easily.


The NIST 800-53 mapping and write-up are next on my list, and then I plan on Azure and M365, maybe next weekend.
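The join these two mapping posts describe (CVE JSON, then ATT&CK technique ids, then NIST 800-53 controls tied back to a plan for a chosen product stack), written out as an added Python example; this is not BCWHS code, and the mapping_objects / capability_id / attack_object_id field names are an assumption about the Mappings Explorer export shape, with every record below constructed for illustration.

```python
# Added example: join CISA KEV CVEs -> ATT&CK techniques -> NIST 800-53 controls.
# Field names mapping_objects / capability_id / attack_object_id are an ASSUMED
# Mappings Explorer shape; all sample records below are constructed.
import json
from collections import defaultdict

# Constructed KEV-style feed (real KEV uses cveID / vendorProject / product); CVE ids are placeholders.
KEV = json.loads("""{"vulnerabilities": [
  {"cveID": "CVE-0000-0001", "vendorProject": "ExampleVendor", "product": "ExampleApp"},
  {"cveID": "CVE-0000-0002", "vendorProject": "ExampleVendor", "product": "ExampleGateway"},
  {"cveID": "CVE-0000-0003", "vendorProject": "OtherVendor", "product": "OtherTool"}]}""")

# Constructed CVE -> ATT&CK mappings (capability_id is the CVE).
CVE_TO_ATTACK = json.loads("""{"mapping_objects": [
  {"capability_id": "CVE-0000-0001", "attack_object_id": "T1190", "mapping_type": "exploitation_technique"},
  {"capability_id": "CVE-0000-0001", "attack_object_id": "T1059", "mapping_type": "primary_impact"},
  {"capability_id": "CVE-0000-0002", "attack_object_id": "T1190", "mapping_type": "exploitation_technique"}]}""")

# Constructed ATT&CK -> NIST 800-53 mappings (capability_id is the control).
ATTACK_TO_NIST = json.loads("""{"mapping_objects": [
  {"capability_id": "SI-2", "attack_object_id": "T1190", "mapping_type": "mitigates"},
  {"capability_id": "SC-7", "attack_object_id": "T1190", "mapping_type": "mitigates"},
  {"capability_id": "CM-6", "attack_object_id": "T1059", "mapping_type": "mitigates"},
  {"capability_id": "SI-2", "attack_object_id": "T1059", "mapping_type": "mitigates"}]}""")


def index_mappings(doc, key, value):
    """Build {key_field: set(value_field)} from a mapping_objects list."""
    out = defaultdict(set)
    for m in doc["mapping_objects"]:
        out[m[key]].add(m[value])
    return out


def controls_for_products(kev, cve_map, nist_map, products):
    """For a product stack, return {cveID: {"techniques": [...], "controls": [...]}}.
    CVEs with no ATT&CK mapping are kept with empty lists so the gap stays visible."""
    cve_to_tech = index_mappings(cve_map, "capability_id", "attack_object_id")
    tech_to_ctrl = index_mappings(nist_map, "attack_object_id", "capability_id")
    wanted = {p.lower() for p in products}
    result = {}
    for v in kev["vulnerabilities"]:
        if v["product"].lower() not in wanted:
            continue
        techs = cve_to_tech.get(v["cveID"], set())
        ctrls = set().union(*(tech_to_ctrl.get(t, set()) for t in techs))
        result[v["cveID"]] = {"techniques": sorted(techs), "controls": sorted(ctrls)}
    return result
```

A CVE that reaches the output with empty lists is one the mappings file does not cover yet, which is the case a plan-builder should flag rather than silently drop.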
 
BCWHS.com

Adobe ColdFusion 2025 Hackathon (6/18/2025)

I have read a few blog posts from several people who submitted code for the Adobe ColdFusion Hackathon and there is tough competition. I had limited time due to Father's Day activities and didn't want to take time away from my daughters. I submitted my code on Friday afternoon and only made it 2/3 through what I wanted to accomplish.

The concept was simple: call out to CISA's CVE JSON file and crunch the data to come up with some cool ways to display charts and the data. The first phase was to show all CVEs and break them down into pie, line and donut charts.



The second phase was to show the data down to the Vendor and display those CVEs in similar but different line and donut charts. In these 2 phases, I was able to incorporate 9 new features, functions and enhancements.


The last phase was to list several selectable products from the CVE list and generate a custom list of CVEs based on a product stack. I didn't get this part in the contest, but I have created phase 3 in CF 2023 which is what my current hosting has to offer. I collect CVEs with my own application so I would expand phase 3 and create a new phase 4 which is to create a new G.R.C. plan based on CVEs.



The logged-out version allows you to compare 5 products, which displays a list of CVEs and charts. The logged-in version allows 9 products, a link to download to Excel, and an import function that creates a custom GRC plan in which you can utilize a Risk Register and POA&M and knock out CVEs based on your risk appetite.



It was a fun hackathon, and I learned new ways to get things done, and found a new way to utilize the CVEs. I doubt I will place due to the known names involved with the contest, but it was fun, nonetheless.

Check it out for yourself.
https://blackcatwhitehatsecurity.com/cveProducts.cfm


UPDATE: My entry was good enough to earn 3rd place!
 
GitHub Repository: TeamTwo
 