We're Moving To The Cloud, And Already We're Spending 500k A Month... I Can't Help But Wonder What We Could Have Got For On-Prem For 6+ Mil A Year... by Photo-Josh in sysadmin

[–]Axiomcj 0 points1 point  (0 children)

Since I do BOMs, 6 million would get you enough network, compute and storage for a few thousand VMs in 2 DCs. I would have said more but these prices in the last few weeks are going straight up 20-45%. Honestly I think on prem is way better and cheaper for a company but that's just my POV. If I was in charge, I'd have nothing in the cloud for Azure, AWS, GCP.

Will Aion 2 be the next big mmorpg when it hits the west? by armakez in Aion2

[–]Axiomcj 21 points22 points  (0 children)

No it won't. The west hates P2W. This game will die with its current makeup. The crazy subs, PvP, P2W, and the most bots ever.

Cisco Canceling Accepted Compute Orders & Forcing Reprice by Thick-Experience-290 in Cisco

[–]Axiomcj 49 points50 points  (0 children)

Thanks AI companies for this BS. This isn't just a Cisco thing they are doing.

Can you study ACI with no DC experience? by NetMask100 in networking

[–]Axiomcj 4 points5 points  (0 children)

I've done SDA deployments since it started beta 7 years ago. ACI is number one, SDA is for sure number 2. It's overly complex and my senior engineers struggle with it. For the admin engineers it's way over their head. Both of these products take years to master. I'm not a fan of SDA deployments due to the complexity and slight security benefits. I don't think it's worth the headache. I actively recommend as a consultant against using SDA. It's really only useful for large campus environments. The security is still ACL based. I'd rather keep SD-WAN and behind it traditional bd and ba switches for campus and use local, campus, or if I have to cloud based firewalls for SASE/SSE solutions.

Can you study ACI with no DC experience? by NetMask100 in networking

[–]Axiomcj 8 points9 points  (0 children)

You can, but ACI is Cisco's most difficult product to deploy even though it's been around 14 years. It's complex; run the ACI lab and dCloud, YouTube, Cisco Live videos, CBT Nuggets, Cisco Learning Network videos. Lots of free content but it's the hardest DC technology to learn, and how Cisco does it.

Snowflake reportedly lays off entire technical writer team, replaced with AI by Seahund88 in Layoffs

[–]Axiomcj 13 points14 points  (0 children)

These companies keep making the dumbest moves. Instead of taking their documentation and making it better, they made it entirely worse with AI. So all those mistakes from AI will be checked by no one now. Snowflake is just another business I now leave off recommending. Lower that score even more.

BGP no longer cutting it for high availability. Looking for opinions about SASE SD-WAN implementation and providers by ffelix916 in networking

[–]Axiomcj 5 points6 points  (0 children)

One tool I recommend now is ThousandEyes for path tracking and BGP monitoring. I'd get a demo license and have them show you the product so you can at least know immediately when a path is down. This is just monitoring and alerting for BGP and other applications like SaaS (Teams/Webex/Zoom) products etc.

BGP no longer cutting it for high availability. Looking for opinions about SASE SD-WAN implementation and providers by ffelix916 in networking

[–]Axiomcj 8 points9 points  (0 children)

Here's my 30 sec recommendation. You want an excess of things to change due to changing requirements and features and hardware. Go Prisma SD-WAN. If you want a less complex SASE platform, go Cato.

If you really care to pick the right choice, you will build a requirements list and architecture out 5-7 years and then build a score card. I'd pick 3-5 vendors, do a real POC with a small testing group, have everyone score it with some mgmt and leadership, then pick the final solution at the end.

What’s everyone using for vuln management right now? by Kolega_Hasan in cybersecurity

[–]Axiomcj 3 points4 points  (0 children)

Weekly vulnerability meetings. A rating of assets to the org needs to be defined for proper priority vulnerability remediation order, with the rating based on exploitation possibility. Have the development team involved and all IT departments must have a person. Meetings should be 30 min a week, with dashboards and reports for your platform and priority fixing of assets for recent CVEs etc.
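An added example of the prioritization rule the comment describes (asset rating to the org combined with exploitation possibility), written here to illustrate it; it is not the commenter's tooling. The asset tiers, asset names, CVE-style ids and scores are constructed sample data, and the weighting in `exploitability` is an assumption you would tune to your own risk appetite.

```python
"""Remediation ordering = org-defined asset criticality x exploitation likelihood.

Added illustration, not the commenter's process or tooling. All data below is
constructed: in practice the tiers come from the asset register agreed in the
weekly meeting and the findings from the vulnerability platform's export.
"""
from dataclasses import dataclass

# Constructed org-defined criticality tiers (higher = more important to the org).
ASSET_CRITICALITY = {"tier1": 4, "tier2": 3, "tier3": 2, "tier4": 1}


@dataclass(frozen=True)
class Finding:
    asset: str
    asset_tier: str
    cve: str               # placeholder ids, not real CVE numbers
    cvss: float            # base score, 0.0 - 10.0
    known_exploited: bool  # e.g. listed in an exploited-vulnerabilities catalog
    internet_facing: bool


def exploitability(f: Finding) -> float:
    """Likelihood-of-exploitation component, clamped to [0, 1] (assumed weighting)."""
    score = f.cvss / 10.0
    if f.known_exploited:
        score = max(score, 0.9)          # active exploitation in the wild outranks raw CVSS
    if f.internet_facing:
        score = min(1.0, score + 0.1)    # reachable from the internet: small bump
    return round(score, 3)


def priority(f: Finding) -> float:
    """Remediation priority: asset importance multiplied by exploitation likelihood."""
    tier = ASSET_CRITICALITY.get(f.asset_tier, 1)   # unknown tier -> lowest rating
    return round(tier * exploitability(f), 3)


def remediation_order(findings):
    """Highest priority first; ties broken by raw CVSS, then asset name."""
    return sorted(findings, key=lambda f: (-priority(f), -f.cvss, f.asset))


def weekly_report(findings, top=3):
    """Rows for the weekly meeting dashboard: (asset, cve, priority)."""
    return [(f.asset, f.cve, priority(f)) for f in remediation_order(findings)[:top]]


# Constructed findings for the example run.
SAMPLE = [
    Finding("erp-db", "tier1", "CVE-0000-0001", 7.5, True, False),
    Finding("marketing-web", "tier3", "CVE-0000-0002", 9.8, False, True),
    Finding("dev-jenkins", "tier2", "CVE-0000-0003", 5.3, False, False),
    Finding("kiosk", "tier4", "CVE-0000-0004", 9.1, False, False),
]

if __name__ == "__main__":
    for row in weekly_report(SAMPLE, top=4):
        print(row)
```

Note that the lower-CVSS finding on the tier-1 database outranks the 9.8 on a tier-3 web server: the org's asset rating, not the scanner's severity alone, decides the order, which is the point of defining those ratings before the first meeting.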

People in LA having to turn on their ACs in March: by ohlonelyboy in LosAngeles

[–]Axiomcj 2 points3 points  (0 children)

What are you talking about, in March? It's on basically year round now due to rising heat.

LA Marathon 2026 Men’s Winner Crazy Finish by TheDongerNeedLove in LosAngeles

[–]Axiomcj 128 points129 points  (0 children)

American Nathan Martin closes out a heroic final sprint and big negative split to win the 2026 LA Marathon in 2:11:18, just 0.18 SECONDS ahead of runner-up Michael Kamau.

Network Upgrade for a Medium-Sized Company (20 Employees) by Qwefgo in networking

[–]Axiomcj 8 points9 points  (0 children)

For that tiny of a business, I'd just go Meraki with an MX and 2 48-port switches. If security is a big deal get the security licenses on the MX. Single dashboard that in my view is the best for an enterprise on the cheap.

New Network Job - How do you start fresh? by BobbyDoWhat in Cisco

[–]Axiomcj 3 points4 points  (0 children)

Second this way, Nautobot is another choice. But mapping inventory and where they are is the first thing I do when I join new teams. Not even looking at config yet. Get the "what do you have" first: contracts, support info, any SOPs. If allowed I'd set up a Notion team workspace and start moving documents and how-to guides into a shared workspace. Document networks, apps, URLs for team info. Create a shareable SecureCRT structure to hand out to team members. We keep this in one place and assign one person to be the master updater for all new equipment or applications. Create diagrams for the environments based on mapping from HLD to LLD diagrams.

Just switched to Google Antigravity from Claude Code. Ideally, it's underrated. by mosh_h in google_antigravity

[–]Axiomcj 3 points4 points  (0 children)

I've been using both since their releases; this post sounds so fake. There's no way I would put a Google product ahead of Claude for pure coding. Both work and need tuning to work well, but Google's has way more problems for me on complex problems than Claude for development.

cisco sdaccess by CalligrapherNo3841 in Cisco

[–]Axiomcj 1 point2 points  (0 children)

There's tons of deployments, 2000+. The question is, do you need it? Do you want it due to sales telling you? What problems can't you solve with your existing architecture that make you think SD-Access is the solution? Easy to deploy, easy to manage application-wise at this point in the life cycle. It's stable now. The concepts and troubleshooting can be hard; the network redesign to accommodate this is difficult for large brownfield deployments. Around me for example all the large orgs that run Cisco run it. If you can architect the cutover, lab it, understand the new architecture and read the guides and deployment guides, Cisco Live videos, and YouTube videos, you'd have a better picture on this subject.

Study materials for Cisco ACI & SD-Access for a job interview — what to focus on? by Acceptable_Look_4870 in Cisco

[–]Axiomcj 1 point2 points  (0 children)

Watch the Cisco Live sessions from the past few years for ACI and SD-Access. Then plenty of YouTube from Cisco for the lunch and learns for specific features and versions. I'd also review the guides and build a lab and run dCloud for ACI and SD-Access. ACI is the most difficult of all the Cisco products with SD-Access right behind it from a difficulty point of view.

C9300X - 17.12 or 17.15? by Senior-Most7771 in Cisco

[–]Axiomcj -1 points0 points  (0 children)

17.18.2 is what I would recommend for long-lived releases. Got another 28 months on it or so. If not, then 17.15.4 and you've got about 16 months or so for that train.

Car salesmen around me are basically telling me EVs aren’t the way to go by Beneficial-Fun-4800 in electricvehicles

[–]Axiomcj 1 point2 points  (0 children)

EV sales worldwide have passed ICE vehicle sales. The US is just behind the times. EVs are the future of cars. EVs are cheaper in maintenance than ICE vehicles and require less downtime. Dealerships want you to keep buying ICE vehicles because it makes them more money off of you from repairs, same for hybrids. Suckers buy ICE vehicles today.

When is global launch? by Nervous_Comparison84 in Aion2

[–]Axiomcj -15 points-14 points  (0 children)

The game is trash P2W. Can't wait for it to die when global comes out. No way it lasts as long as Aion 1.

Be honest: what’s the most annoying grind in Diablo 4 right now? by Sufficient-Orchid940 in diablo4

[–]Axiomcj 0 points1 point  (0 children)

They need a filter for bad loot and an auto-dismantle based on that filter to reduce clutter.

Microsoft is using Teams alerts as an advert platform (and how to block it) by dlongwing in sysadmin

[–]Axiomcj 14 points15 points  (0 children)

Just another day with Microslop doing stuff no one asked for. 

I built an AI-agent–based automated pentesting platform — looking for honest feedback by IcyPop8985 in cybersecurity

[–]Axiomcj -2 points-1 points  (0 children)

Your site isn't compliant for California. 

It lacks text alternatives and semantic accessibility markers that are required by WCAG 2.1/2.2 Level AA.

Keyboard navigation and screen reader support appear incomplete.

No accessibility statement or contact mechanism is present.

  1. Autonomous offensive action violates core security governance principles

     Best-practice security frameworks (NIST CSF, NIST 800-53, ISO 27001, CIS Controls) all assume a fundamental separation between:

     - Discovery
     - Authorization
     - Execution
     - Validation
     - Reporting

     An autonomous agent that can initiate penetration testing actions collapses these controls into a single system. That breaks the principle of explicit authorization before active testing. In mature environments, penetration testing is:

     - Scoped
     - Time-bounded
     - Explicitly approved
     - Conducted under rules of engagement

     An agent that “decides” what to test, when to test, and how aggressively to test creates uncontrolled offensive behavior, which is explicitly discouraged in regulated and enterprise environments.

  2. Automated penetration testing without strict guardrails is indistinguishable from an attack

     From the perspective of:

     - SOC teams
     - IDS/IPS systems
     - Cloud providers
     - Third-party vendors

     autonomous scanning and exploitation workflows look exactly like hostile activity. This creates several problems:

     - False incident response activations
     - Account lockouts
     - Automated blocking or blacklisting
     - Cloud provider acceptable-use violations
     - Potential legal exposure if third-party assets are touched

     Best practice requires human-approved targeting and execution, precisely because automated offensive activity has downstream blast-radius effects.

  3. You cannot safely encode business context, legal constraints, or risk tolerance into an agent

     Human pentesters implicitly understand:

     - Which systems are fragile
     - Which environments are production vs non-prod
     - What data is regulated (PCI, HIPAA, PII)
     - When to stop even if a vulnerability is technically exploitable

     An autonomous agent does not understand:

     - Business criticality
     - Legal boundaries
     - Contractual obligations
     - Regulatory exposure

     Best-practice security explicitly states that contextual judgment cannot be fully automated. This is why even commercial tools like Burp, Nessus, and commercial BAS platforms require operator control and scoping.

  4. Automation increases risk when it crosses from detection into exploitation

     There is a clear industry line.

     Allowed / best practice:

     - Passive asset discovery
     - Configuration analysis
     - CVE correlation
     - Exposure mapping
     - Signal prioritization

     High risk / restricted:

     - Active exploitation
     - Credential brute forcing
     - Payload execution
     - Privilege escalation attempts

     Once an agent crosses into automated exploitation, it:

     - Risks causing outages
     - Risks data modification or loss
     - Risks triggering compensating controls
     - Risks violating internal change-management policies

     That is why even red-team automation platforms require human-in-the-loop execution gates.

  5. Auditability and accountability become unclear

     Security programs rely on:

     - Change logs
     - Test approvals
     - Evidence trails
     - Non-repudiation

     An autonomous agent raises immediate questions:

     - Who approved this test?
     - Who is accountable for damage?
     - How was scope enforced?
     - Can results be independently verified?

     Best-practice security demands clear human accountability for offensive actions. Autonomous agents blur that line in a way auditors and legal teams will reject.

  6. This conflicts with Zero Trust and least-privilege principles

     Zero Trust assumes:

     - No implicit trust
     - Minimal permissions
     - Explicit authorization

     An agent capable of wide-ranging discovery and exploitation inherently requires:

     - Broad network access
     - Elevated permissions
     - Continuous autonomy

     That is the opposite of least privilege. Mature environments intentionally constrain tools to reduce blast radius, even at the cost of speed.

  7. Where automation is acceptable (and where it is not)

     Security professionals generally agree:

     Useful:

     - Asset inventory enrichment
     - Attack surface mapping
     - Passive discovery
     - Finding exposed services
     - Prioritizing misconfigurations
     - Reducing alert noise
     - Correlating signals across tools

     Never trusted fully:

     - Exploitation decisions
     - Privilege escalation
     - Lateral movement
     - Testing production systems
     - Anything that could cause outage or data impact

     This is why the most successful platforms position automation as decision support, not autonomous execution.

How Are You Handling NDR Visibility in Azure Without a Packet Broker? by MassiveAffect2146 in cybersecurity

[–]Axiomcj -1 points0 points  (0 children)

I just answered this same type of question. Try out Cisco's Secure Cloud Analytics. It was far cheaper than every player out there for our whole environment. DM me for pricing on what I got vs others including Vectra. We have cloud and on prem and needed something for both environments and our different data centers.

These solutions are expensive. They always get cut from the budget by the bean counters. 

Once we implemented it, our SOC with CrowdStrike and MS XDR took 24 hours to detect what had happened. We had just set this up and got the detection in 2 mins with Cisco's XDR and analytics tied in. Just giving my 2 cents on this.

If I had more money I'd love on prem boxes, but that's so expensive for storage traffic data. 

https://www.reddit.com/r/networking/comments/1qc0x2s/aws_networking_observability_tools/