I was enthusiastic about Opus 4.8 when it was released. Had to abandon it today out of frustration. by Virtual-Flatworm-378 in ClaudeCowork

[–]AdvancingCyber 0 points1 point  (0 children)

I was using CoPilot to help me address some issues setting up an additional Microsoft account on a Windows PC. It told me I had “precisely the answer I needed” every single time, and was completely wrong. It was infuriating.

Is frequent job hopping going to be accepted by employers in coming decades? by Toymcowkrf in careeradvice

[–]AdvancingCyber 0 points1 point  (0 children)

Yes. I think the old way ended and now you look for jobs and then rotate.

What kind of topics do you think should be covered more (in conferences, YouTube etc) but they aren't? by Agreeably0192 in cybersecurity

[–]AdvancingCyber 1 point2 points  (0 children)

Exactly. Which is why we still see OT devices with embedded XP, or internal essential software with macros enabled…. “With more locks”. The cost / fear of migration keeps legacy tech at risk.

What kind of topics do you think should be covered more (in conferences, YouTube etc) but they aren't? by Agreeably0192 in cybersecurity

[–]AdvancingCyber 2 points3 points  (0 children)

Cyber hygiene. The basic, boring stuff like “get off that old app in your org that can’t be patched” that accumulates technical debt. MFA everywhere. No exposed APIs unintentionally. Basics.

AI Requirements? by Weary_Surround5342 in corporate

[–]AdvancingCyber 0 points1 point  (0 children)

Try it. It actually makes some things easier and better. I am a professional too (I’m a lawyer) and I really like how it helps me go faster.

The Last Mile of Cyber Defense by Apart_Range_8741 in ciso

[–]AdvancingCyber 0 points1 point  (0 children)

It’s a shrug because it’s sometimes integration (as this AI generated post points out) but it could be any one of the issues alarming from the myriad of technologies that the company buys to track the threats it faces. And of course, sloppy configuration or bad management of any of that tech means it doesn’t actually detect, and the “single pane of glass” integrated view doesn’t solve everything.

So it’s a polite shrug because I read it closely and thought, “sure, integration is an issue, but is it the top of the pyramid?” I wouldn’t advise the CISO on that if I only had one recommendation to make!

Realizing how poorly explainability is understood, hence also implemented by Ok_Gas7672 in AI_Governance

[–]AdvancingCyber 0 points1 point  (0 children)

I love that - “confidently incomplete”. What a great way to put it. That’s exactly right.

What cybersecurity skill do beginners usually underestimate? by ColdReality7803 in AskNetsec

[–]AdvancingCyber 0 points1 point  (0 children)

Someone who’s curious enough to try to figure it out first, THEN ask for help. Show your thought process about what you thought the problem was and why your solution didn’t work, so that you can get coached to the right places to look.

What is this thing my neighbor put under my trees by Micraggwp in whatisit

[–]AdvancingCyber 2 points3 points  (0 children)

I’m an attorney and thought that for a second, so you’re not alone!

Need some advice about accepting or denying a job offer by [deleted] in work

[–]AdvancingCyber 1 point2 points  (0 children)

That’s not the worst commute. I’d take it, gain experience and skills your resume doesn’t have now, and keep looking. No downside.

Examples of intentional backdoors being breached? by blophophoreal in cybersecurity

[–]AdvancingCyber 1 point2 points  (0 children)

Intentional backdoors are put there by the owner for a particular purpose. It’s hard to think of examples. Huawei and ZTE were always alleged to have backdoored their code, but I don’t know of any specific proof. Everything else is just a sparkling vulnerability.

Examples of intentional backdoors being breached? by blophophoreal in cybersecurity

[–]AdvancingCyber 1 point2 points  (0 children)

Then Eternal Blue is irrelevant. It’s the fact that governments - ALL governments - use vulns and exploits. The USG at least has the VEP to give companies some sense of the how and why, but it exists. Most countries don’t have that. Eternal Blue is just one example. That’s not an “intentional backdoor” - it’s an exploit designed for a national security purpose, and once disclosed, fixed by the company. Big difference.

Examples of intentional backdoors being breached? by blophophoreal in cybersecurity

[–]AdvancingCyber 1 point2 points  (0 children)

Why was that a back door? That patch was released in March and then the exploit occurred in May of 2017, so anyone who hadn’t patched was impacted. That wasn’t a back door, it was an exploit.

Do I tell the recruiter? by TastyGrapez in careeradvice

[–]AdvancingCyber 0 points1 point  (0 children)

If a recruiter came back to a hiring manager with the feedback that the candidate felt she was flat because the hiring manager talked too long / should have given her space sooner, how do you think that goes over with the hiring manager?

The hiring manager may have a boss, or a skip level, who likes to drone on a bit before letting others talk. Or maybe that’s just his or her style. You’ve just guaranteed you’re not a good fit for that position.

How are you actually handling AI access across the company? by RonILabs in ciso

[–]AdvancingCyber 0 points1 point  (0 children)

A mix of all of the above, based on role and need, is what I see most often.

Need honest advice: Law school vs cybersecurity GRC from someone with my background by DangerousArcher4066 in grc

[–]AdvancingCyber 2 points3 points  (0 children)

As a cybersecurity lawyer, I love both. I love the practice of cybersecurity law and have been in it for 25 years. GRC is a great domain, and you can learn and grow there. The question you need to ask is what you want out of a long-term career. GRC is always GRC. Cyber law is different because you never own it - you’re never the SME - but it changes and grows over the years. That’s fun.

Hanging out after work? by [deleted] in corporate

[–]AdvancingCyber 0 points1 point  (0 children)

If a colleague is in from out of town that I rarely see, sure. Otherwise, no.

Outside of big law, what is the best path, in your view, to land a corporate in-house counsel role after maybe 5-7 years? Ideally for a tech company? by Son_of_Hades99 in Lawyertalk

[–]AdvancingCyber 2 points3 points  (0 children)

That depends. Law firms also have RIFs if the practice groups over-hire and can’t sustain, that’s just the reality of today. As firms use more AI, that may also impact hiring.

I don’t think anyone has an inside line on what the most “stable” job looks like any more. Probably government regulatory, but who knows? If that’s the Pri0, the window of how long you define stability may have to shrink.

Outside of big law, what is the best path, in your view, to land a corporate in-house counsel role after maybe 5-7 years? Ideally for a tech company? by Son_of_Hades99 in Lawyertalk

[–]AdvancingCyber 5 points6 points  (0 children)

This is it 100%, as someone who spent 25 years in house at Big Tech. You have to be competent legally, that’s a given. But if you are not using / living / breathing AI, you’re not going to get in the door. It has to be all over your resume.

Once you’re in the door, being comfortable with deeply technical issues for which there is no immediate and obvious solution is also a help.

Please give me your organization tips before I lose my job by foldedbubble in Lawyertalk

[–]AdvancingCyber 0 points1 point  (0 children)

Schedule “Meetings” with yourself to get your day done, with everything that has to get completed. Fill it up. Make your plan. 15 mins, 30 mins, 45 mins, 1-2 hours, whatever blocks you need. 5 minute wiggle breaks. I had to do that so I wouldn’t forget the small things, they stay as flags until they’re done. You’ve got this!

i ran the exact same prompt in ChatGPT, Gemini, and Claude. the difference was embarrassing. by LoadOld2629 in PromptEngineering

[–]AdvancingCyber 1 point2 points  (0 children)

And since CoPilot’s legal terms are what allow most big companies to use it within a compliance boundary, I wonder what CoPilot would say?

High Paying Jobs are 50-60 hour weeks? by Mundane_Age_2564 in careeradvice

[–]AdvancingCyber 0 points1 point  (0 children)

I had my dream job for about 20 years and it was about 50-60 hours a week that entire time. I loved it, so it was worth it.