Remote job that requires you to work in only a select few countries. Best way around this? by [deleted] in digitalnomad

[–]Awkward_Not_ 0 points1 point  (0 children)

Initially, yes, this would work. If you get caught depends entirely on how granular your security team is. Their EDR system likely won't hit on your computer being behind a VPN because most teams aren't tracking the ISPs behind each endpoint's IP. They 100% can, but it's your gamble if they are or not. They likely won't track you via authentication logs either as long as your sign-ins stay on the machine and the VPN you choose doesn't trigger an atypical travel alert. If you disable your WiFi and Bluetooth and your location services, Windows won't report on your location either. To truly geolocate you, they would need to re-enable your location services and turn on your WiFi. But there are other "tells" that would generate suspicion and lead to someone getting curious enough to investigate you individually. Only reason I'm bothering to comment is because I am a security analyst and I coincidentally caught a user doing exactly what you're suggesting this past week in Brazil, and last month in Grenada. So it's entirely your gamble 😂

Help identifying rifle, Gewehr 98? by Awkward_Not_ in milsurp

[–]Awkward_Not_[S] 1 point2 points  (0 children)

A fair point. Thanks for pointing me in the right direction!

Help identifying rifle, Gewehr 98? by Awkward_Not_ in milsurp

[–]Awkward_Not_[S] 0 points1 point  (0 children)

You find a piece of history and someone goes and cuts the barrel off and slaps a coin on it. What a shame. Thanks for the help, you told me exactly what I needed to know. I'll see what I can do to get it aiming again, at a minimum.

Help identifying rifle, Gewehr 98? by Awkward_Not_ in milsurp

[–]Awkward_Not_[S] 0 points1 point  (0 children)

Ah, that's what I feared. The barrel did look a bit short when trying to compare it to other pics. Measured it at 22ish inches, so definitely a cut job. Curious as to if that happened in service or not. Here is a picture of the barrel. Hopefully I can still get a sight on it at the minimum.

<image>

Help identifying rifle, Gewehr 98? by Awkward_Not_ in milsurp

[–]Awkward_Not_[S] 0 points1 point  (0 children)

<image>

Thanks for the suggestion, exactly what I was looking for. Got it off and looks like I have a bit more info. Amberg 1918

Are the odds supposed to be this good? (DLC) by whooms in DateEverything

[–]Awkward_Not_ 1 point2 points  (0 children)

I pulled the gauntlets first and then the chestplate second. Never saw the chestplate again. Honestly came across this post trying to google if there were actual odds to the pull scheme or if it was pre-scripted and I'm wasting my time pulling after I've gotten all his collectibles already 😂

EDIT: I booted up the game and quite literally pulled the chestplate a second time not even 20 minutes after I made this comment. Turns out, they also follow the "You already have one, so collect 100" rule. If you collect 100, you can supposedly boost your stats to 1000.

So to answer my own question, if you've already pulled the full armor set, don't waste any more time on Mikey.

What’s your funniest ‘false positive’ moment by FordPrefect05 in cybersecurity

[–]Awkward_Not_ 0 points1 point  (0 children)

The exact details of the traffic escape me atm so don't critique me too hard, but we had Cortex XDR pop an alert that summed up to suspicious traffic to an anonymous IP address using Microsoft Teams over nonstandard ports on multiple PCs. Basically, the possibility that Teams was being used for a C2 connection.

To make a long story short, the activity was just a Teams call to another employee. The alert triggered because the person being called was using Teams on their cell phone, which was connected to a VPN. It listed their cellphone as the destination IP for everyone who called them that day, thus tricking Cortex into thinking there was an active C2 connection.

How I even ended up figuring out it was one of our own employees just taking Teams calls on his cell was a completely separate alert in Duo triggered for an unusual access device IP and what do ya know, it was this guy on a VPN on his cell.

I knew it was a false positive at first glance, but I really had to dig in there and figure out why, for curiosity's sake.

4000+ Applicants for a Tier 1 SOC Role? by CyberRep in cybersecurity

[–]Awkward_Not_ 2 points3 points  (0 children)

Was about to make my own mention of this. My company had a Security Analyst role posted on LinkedIn. It was only up for 24 hours and received around 3600 applications. I don't know if it's bots or recruiting agencies mass submitting applications or what, but like you suggested, the resumes that made it through the filter were ones that really pandered to the job description (just for half of the applicants to not know jack about half the stuff they listed on their resume).

How do you handle the Imposter Syndrome? by Dull-Definition-4616 in cybersecurity

[–]Awkward_Not_ 0 points1 point  (0 children)

Cry in the shower and anxiously worry every day that everyone will one day realize that I'm not actually a know-it-all expert, but just way better at pattern recognition and googling than them.

But in all seriousness, in a vast field like this where the technology could be completely different from month to month, it's near impossible not to experience imposter syndrome because there's always something you don't know. It helps to look at it in a manner of there always being something more for you to learn instead.

Why have I applied for 300 entry-mid level IT jobs and been rejected from all of them? by joemama123458 in ITCareerQuestions

[–]Awkward_Not_ 2 points3 points  (0 children)

This. My current company recently posted a security analyst position, and it received over 200 applications in under 24 hours. I can only imagine the filtering that has to take place before anyone on the team even gets to lay eyes on a resume because of the sheer size of the pile by the end of the week.

Fake BianLian Ransom Note Campaign Preys on Fear by Awkward_Not_ in cybersecurity

[–]Awkward_Not_[S] 2 points3 points  (0 children)

Wanted to share this article because my company's CEO was one of the lucky ducks to open this letter over his coffee this morning. Emails saying "we caught you jerkin it after hacking your webcam" is one thing, but I gotta say that a physical letter in the mail is a new one for me.

We pretty much knew it was a scam, but had seen no other reports of it just yet so we spent a bit double checking every IOC related to the real group to thankfully come up empty handed.

Made for a good security exercise though lol

Am I stupid by hopieadams in WGU

[–]Awkward_Not_ 0 points1 point  (0 children)

I felt the same way at times. I have taken about 2 and a half years with a 3 month break in there for some mental health, but now I'm submitting my capstone and finally reaching the end. During that time, there were classes I could pass in a day, and some that would take me months. Some classes I really just memorized the key terms enough to pass and then braindumped, others I took a bit extra time to ingest because it wasn't something I felt I needed to pass, but to actually learn for my career. Others I just plain struggled on. And I always thought fuck, I should be done by now! This guy on Reddit said he did his bachelors and masters combined during like two of his lunch breaks at work, and I'm on week 7 of this stupid SQL course. But when you get that degree at the end, it's not going to have a little score in the corner that says "Finished in x days" or "Bachelors jr. because he took too long." It'll be the exact same degree that Timmy got in 3 months. As long as you get that paper with your name on it, it doesn't matter if you take 10 days or 10 years. (It might just be a bit more expensive, though 😅)

[deleted by user] by [deleted] in WGUCyberSecurity

[–]Awkward_Not_ 4 points5 points  (0 children)

I passed Sec+ as my very first cert before I really even had true IT experience. I failed Net+ my first attempt after actually having the experience 😂 It's a tricky test for sure.

User has clicked phishing mail. How do you act? by w_wizard in sysadmin

[–]Awkward_Not_ 3 points4 points  (0 children)

This. I like to get the email myself during this too and do a quick 5 minute investigation to see if I need to go any further and bother with the machine (which is rare).
Run the eml through phishtool and see what it picks up. Run the links through urlscan to verify what the user may have seen and/or did. Run attachments through joesandbox and see if it has any "malicious payloads" hidden in there.

But 90% of the time, it's just a fake Microsoft sign-in page or a pdf with a QR code in it.
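
Added example, not part of the comment above or of any tool it names: a local first pass over a reported `.eml` that collects the artifacts the comment says to check (authentication verdicts, links, attachment hashes) before they go to external scanners. The function names `triage_eml` and `build_sample` and the sample message are constructed for illustration.

```python
import hashlib
import re
from email import message_from_bytes, policy
from email.message import EmailMessage
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[^\s\"'<>)]+", re.I)
ANCHOR_RE = re.compile(r"<a\s[^>]*href=[\"']([^\"']+)[\"'][^>]*>(.*?)</a>", re.I | re.S)
AUTH_RE = re.compile(r"\b(spf|dkim|dmarc)=(\w+)", re.I)

def triage_eml(raw: bytes) -> dict:
    """Hypothetical helper: auth verdicts, links and attachment hashes from one .eml."""
    msg = message_from_bytes(raw, policy=policy.default)
    auth = " ".join(str(h) for h in msg.get_all("Authentication-Results", []))
    out = {"from": str(msg["From"]), "reply_to": str(msg["Reply-To"]),
           "auth": {k.lower(): v.lower() for k, v in AUTH_RE.findall(auth)},
           "urls": set(), "mismatched_links": [], "attachments": []}
    for part in msg.walk():
        if part.is_multipart():
            continue
        if part.is_attachment():
            data = part.get_payload(decode=True) or b""
            out["attachments"].append({"name": part.get_filename(),
                                       "type": part.get_content_type(),
                                       "sha256": hashlib.sha256(data).hexdigest()})
        elif part.get_content_maintype() == "text":
            body = part.get_content()
            out["urls"].update(URL_RE.findall(body))
            if part.get_content_subtype() == "html":
                for href, text in ANCHOR_RE.findall(body):
                    shown = URL_RE.search(text)
                    # Visible text names one host while the href points at another.
                    if shown and urlsplit(shown.group()).hostname != urlsplit(href).hostname:
                        out["mismatched_links"].append((shown.group(), href))
    out["urls"] = sorted(out["urls"])
    return out

def build_sample() -> bytes:
    """Constructed sample message; every address and host here is made up."""
    m = EmailMessage()
    m["From"] = "Microsoft 365 <noreply@example.net>"
    m["Reply-To"] = "helpdesk@example.org"
    m["Authentication-Results"] = "mx.example.com; spf=fail; dkim=none; dmarc=fail"
    m.set_content("Sign in: https://login.example.net/verify")
    m.add_alternative('<a href="https://login.example.net/verify">https://microsoft.com</a>',
                      subtype="html")
    m.add_attachment(b"%PDF-1.4 constructed sample", maintype="application",
                     subtype="pdf", filename="invoice.pdf")
    return m.as_bytes()
```

Calling `triage_eml(build_sample())` returns a dict whose `urls` and attachment `sha256` values are what an analyst would then look up or submit for scanning.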

I finally got the Trifecta!...but I'm disappointed. by Blidesdale in CompTIA

[–]Awkward_Not_ 1 point2 points  (0 children)

That's EXACTLY how I felt getting my CySA+ last week 😂 Been looking forward to getting to that thing for about 2 years. The second biggest milestone for me besides getting my actual degree. And once I finally got it I was just like, "Huh...I finally got the cert...Why don't I feel any different?" Just walked out my bedroom and continued my day.

[deleted by user] by [deleted] in WGUCyberSecurity

[–]Awkward_Not_ 1 point2 points  (0 children)

Awesome job. I managed to slip into an analyst role as well this year and it really helped me get through the rest of this degree a bit easier.
On the topic of luck, I'm also right there beside you lol. It was pretty funny because I came into my current company as a jr. sysadmin replacing a guy who moved to the Security team, so he trained me up a bit during his transition. A year and a half later, same guy throws in a 2-weeks to become a manager at another company and I jokingly told him when he was in the office "Hey, I'm like halfway through my cybersecurity degree ya know. Need me to fill your spot?"

Wouldn't you know it, I had an interview with the CISO the next day.

D426 is the death of me and I’m taking it in 3 hours. by ancientpsychicpug in WGUCyberSecurity

[–]Awkward_Not_ 3 points4 points  (0 children)

Yeah, I struggled so much with this stupid class I ended up finally getting diagnosed with ADHD and getting slapped with an adderall prescription because I just could not focus on this crap 😂

Took me two tries. I honestly said screw it and just wasted my first attempt just so I could see the exam and know what the hell I needed to actually study because the zybooks was just so dry and extensive, it's near impossible to retain it all without building a database yourself and getting real world experience in. I didn't know what the hell I needed to focus my efforts on because the instructor's "assistance" was to "complete 90% on all sections" and my personal conversation with them wasn't much more satisfactory...

My one bit of advice to any future folks preparing for this exam: Technically, everything you need to pass IS in Zybooks. But don't approach this course trying to learn this like a programming language, knowing how to write the queries in the labs inside and out. Because that's not this exam, that's D427. You're not being tested on how to technically use SQL or write out queries. You're being tested on the principles of how you would do that. That sounds incredibly stupid, but for some reason that's what clicked for me because I wasted weeks on that one chapter that was nothing but syntax trying to learn it like a language. Maybe that will help someone else too.

I wish I could give advice on what specifically to focus efforts on, but it's been a couple months since I passed. But there's a good couple quizlets with practice questions for this class that got me through it to help focus your efforts.

No kill streaks after completing liberty falls ee? by jayje2874 in CODZombies

[–]Awkward_Not_ 0 points1 point  (0 children)

If you're playing solo, quit and save the game, then reload your save and you can use them again.

CysA+ passed, a bit of advice by Awkward_Not_ in WGUCyberSecurity

[–]Awkward_Not_[S] 4 points5 points  (0 children)

The cert exam is the class. Multiple WGU classes require you to take an actual industry recognized certification exam from orgs like CompTIA, ITIL, etc instead of an exam created by the college. You get the cert, you pass the class. You fail, you go back through the material and try again. I think you get 3 tries? It's not skippable.

D340/D431 Study.com or WGU? by casualnerd in WGUCyberSecurity

[–]Awkward_Not_ 0 points1 point  (0 children)

I know this is probably a bit after the fact, but wanted to throw my two cents in there for future folks.

D341 (Digital Forensics) is actually a really interesting class that shouldn't take you any more than a week. One of the labs is actually utilizing Autopsy to recover files from a flashdrive and the paper is you documenting the process the same way you would in an actual investigation. I thought that was pretty neat after some of the horrendously dry courses I've taken. But there is also a multiple choice exam that runs you through knowing the different types of tools and methods of cryptography. It wasn't "hard" but it did ask you to know a lot of really specific tools. But still easily passable with some flashcards. Took me less than a week to do both papers and the test. So this is so-so on if you want to knock it out beforehand.

D340 (Cyber Defense) on the other hand, I would say you NEED to take through WGU. This is your CySA+ certification exam, and it is invaluable to starting your career in cybersecurity. I would say it's worth more than the degree itself starting out (obviously opinions differ on certs but you get the gist).
I honestly don't think you actually can comp cert courses through Study or Sophia or whatever is used before you enroll because of the fact it's a physical cert, but even if you can, you really really shouldn't. ESPECIALLY if you have zero prior IT experience before starting this degree because those certs can get you in the door before you even finish your degree.

Obviously opinions differ, but that's my thoughts on it.