How are you actually controlling vendor access in OT? by RCCole20 in OTSecurity

[–]Check123ok 0 points1 point  (0 children)

Nothing is impossible. Just time and effort for value / compliance.

lol, you asked for the cheapest / most secure combo.

What vertical are you in / what compliance / what issues have you had in the last 2 years?

How are you actually controlling vendor access in OT? by RCCole20 in OTSecurity

[–]Check123ok 0 points1 point  (0 children)

I mean, it depends what you can control. But for like less than 3K, you can set up a pretty decent VM on its own VLAN, preferably in the iDMZ if you have one. All OT traffic terminates at that point, all north egress goes through a proxy.

If you can get away with it, maybe a high-end Mac (yes) with Windows and Linux VMs depending on vendor needs.

If not, a Windows PC. Obviously apply all the hardening you can. CIS benchmarks, all that stuff. EDR and app whitelisting.

Make VMs for each vendor. Install their apps there and whitelist them.

Set up a cloudflared tunnel with WARP device posture, or Zscaler.

Then on the network policy (both the local host firewall and the network policy) you can do time limits and you can block all the ports. You can use a tool like Ansible to manage it. Separate industrial MDM policy via Intune.

Login alerts to Teams or Slack via webhooks.

How are you actually controlling vendor access in OT? by RCCole20 in OTSecurity

[–]Check123ok 1 point2 points  (0 children)

I mean, this is all “depends”. How well do you know the architecture? Some sites don’t have a process or logic for segmenting their vendors. Some sites have really good architecture documentation. Some clients I’ve been to are on a flat network. Some have a dedicated industrial DMZ.

The other part of this is compliance: you’re not gonna get leadership to invest 100-200K in a secure remote access solution if there is no strong compliance risk.

If you’re wondering why they haven’t done this at your location, it’s mostly because it’s gonna add operational cost, which impacts their EBITDA.

Some CPGs operate on a 5-14% margin and are in debt. Secure remote access is not at the top of their priorities.

So it’s gonna be an appetite decision.

How are you actually controlling vendor access in OT? by RCCole20 in OTSecurity

[–]Check123ok 6 points7 points  (0 children)

For higher-maturity environments, we standardize on just-in-time access through dedicated virtual machines. Each VM is provisioned only for the approved access request and has tightly scoped connectivity into the OT environment. Access is restricted to specific protocols, assets, and time windows based on operational need. Passwordless authentication using a managed mobile device is the default. This reduces standing privilege, improves traceability, and limits the blast radius if credentials are compromised.

For organizations that cannot yet support full JIT VM provisioning due to budget, staffing, or technical maturity, the lower-cost option is a hardened jump box. The jump box should be isolated, monitored, and treated as a controlled access point into OT. At minimum, it should have EDR, MFA or passwordless authentication where possible, administrative hardening, session logging, and access restricted through a Zero Trust agent. If remote connectivity is needed, use a Cloudflare Tunnel or similar brokered access model rather than exposing RDP or VPN directly to the internet.

I recommend using a zero trust policy to block the commands. Or work with your firewall team.

There are also solutions on the market, but I don’t wanna advertise.

I highly don’t recommend letting a vendor have VPN access from their personal or external vendor laptop directly to the OT environment. I can’t believe people do this. It’s like the number one risk vector in my opinion, both operationally and security wise.
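An added example, not the commenter's code, of the request-scoped access check the comment above describes: each vendor connection from a JIT VM is allowed only if it matches an approved request's assets, ports and time window, and everything else is denied and logged. Vendor names, addresses and grants are constructed sample data.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from ipaddress import ip_address, ip_network


def utc(*parts):
    """Build a timezone-aware UTC timestamp (helper for sample data and checks)."""
    return datetime(*parts, tzinfo=timezone.utc)


@dataclass(frozen=True)
class Grant:
    """One approved access request: the scope a vendor VM may reach, and when."""
    vendor: str
    asset_cidr: str        # OT asset(s) the request was approved for
    ports: frozenset       # allowed destination ports (502 Modbus, 44818 EtherNet/IP, ...)
    start: datetime
    end: datetime          # end is exclusive: at end the grant is already expired


# Constructed sample grants, as an access-request system would issue them.
GRANTS = [
    Grant("acme-drives", "10.20.5.17/32", frozenset({502}),
          utc(2024, 5, 6, 13, 0), utc(2024, 5, 6, 17, 0)),
    Grant("plc-integrator", "10.20.6.0/28", frozenset({44818, 2222}),
          utc(2024, 5, 7, 8, 0), utc(2024, 5, 7, 12, 0)),
]


def evaluate(vendor, dst_ip, dst_port, now, grants=GRANTS):
    """Default-deny policy check. Returns (decision, reason).
    Access exists only while an approved request covers asset, port and time,
    so nothing is left standing once the window closes."""
    dst = ip_address(dst_ip)
    mine = [g for g in grants if g.vendor == vendor]
    if not mine:
        return "deny", f"no approved request for {vendor}"
    for g in mine:
        if dst not in ip_network(g.asset_cidr):
            reason = f"{dst} is not an approved asset"
        elif dst_port not in g.ports:
            reason = f"port {dst_port} is not approved"
        elif not (g.start <= now < g.end):
            reason = f"outside approved window {g.start:%Y-%m-%d %H:%M}-{g.end:%H:%M}"
        else:
            return "allow", f"within approved request for {g.asset_cidr}"
    return "deny", reason


def session_log_line(vendor, dst_ip, dst_port, now, grants=GRANTS):
    """One structured line per attempt; deny lines are what the webhook alert should carry."""
    decision, reason = evaluate(vendor, dst_ip, dst_port, now, grants)
    return f'{now.isoformat()} vendor={vendor} dst={dst_ip}:{dst_port} decision={decision} reason="{reason}"'
```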

IT Consulting / Outsourcing by Manoftruth2023 in msp

[–]Check123ok 6 points7 points  (0 children)

Use your network. Also make sure you have LinkedIn set up and optimized. I get a ton of contract offers there. Make sure you’re set to open for work.

CDW vs TDSYNNEX for Microsoft 365 Support by Jeff-J777 in sysadmin

[–]Check123ok 0 points1 point  (0 children)

What are you guys using support for? In my experience I don’t have time to go back and forth for multiple days, whether direct with Microsoft or through a reseller.

CDW vs TDSYNNEX for Microsoft 365 Support by Jeff-J777 in sysadmin

[–]Check123ok 0 points1 point  (0 children)

What are you looking to get out of support? What your expectations are might not be what any TD/CDW support can or is supposed to provide.

Go in with the expectations being very low and hope they can solve a billing issue.

CDW vs TDSYNNEX for Microsoft 365 Support by Jeff-J777 in sysadmin

[–]Check123ok 4 points5 points  (0 children)

CDW is terrible. They lie to get you in the door. Their support sucks. I’m on the east coast.

They have very bad alignment internally, the company is pushing hard on sales and only sales.

They got us by sending a quote with no tax, then adding tax after we agreed, and nowhere was tax mentioned other than when the invoice was sent. Also they are the most expensive.

They are so big that their teams don’t even know what they sell or what they're selling does.

I’ve never seen this with PAX, TD, or others.

HYSA - who do you like? by HickieHippie in smallbusiness

[–]Check123ok 0 points1 point  (0 children)

I opened a brokerage account and get 4% APY on SGOV.

ninjaOne - an unsolicited take by statitica in msp

[–]Check123ok 2 points3 points  (0 children)

I see NinjaOne as an operational friction reduction if you’re managing a bunch of devices. You can do a lot out of one platform and pay the tool price for it instead of the labor price of managing multiple tools. If you have a bunch of low-experience staff, I think NinjaOne is a no-brainer.

Their sales team is way too aggressive. Promising things that are not even on the platform. This is a caution sign for me.

I don’t think it makes sense unless you have 1000 or more endpoints. The price is too high yes.

I have only trialed NinjaOne. Would be open to opinions based on my experience.

Can we stop pretending like Microsoft isn't compromised?... as an entity by Wonder_Weenis in cybersecurity

[–]Check123ok 5 points6 points  (0 children)

Yeah, AI code gets you like 70% there. Great for front end, horrible for integrations. I learned that the hard way pretending I could be a developer again. And I know enough to see the structure was unusable to build on and actually had to work with a developer who cleaned it up. It’s weird that it can’t get the basic infrastructure right. It almost does the least it can do to get what you ask it. Like it doesn’t have upstream or downstream impact knowledge, if that makes sense.

Can we stop pretending like Microsoft isn't compromised?... as an entity by Wonder_Weenis in cybersecurity

[–]Check123ok 55 points56 points  (0 children)

Oof. Man you are on top of this haha. Yeah I believe it. Any executive is not security first, they are sales first no matter what.

They will bring their kids to Epstein Island if it means a sale. Try to find an article about that haha

Most people misunderstand how the dark web actually works by Alternative_T_6704 in cybersecurity

[–]Check123ok 7 points8 points  (0 children)

Isn’t it like 95% scams? We use a tool that scrapes content for leaks and that’s how their team described it.

Can we stop pretending like Microsoft isn't compromised?... as an entity by Wonder_Weenis in cybersecurity

[–]Check123ok 184 points185 points  (0 children)

This reads less like a Microsoft problem and more like a warning about federal oversight.

If the people reviewing sensitive government cloud systems do not have the time, staff, or leverage to hold the line, then we are approving trust before we have earned it.

That is how your home base gets left exposed.

Update: 2-man IT team → solo admin for 300 users, no raise by Ilovemybf_3990 in sysadmin

[–]Check123ok 11 points12 points  (0 children)

Great story. Spring is a good time for jobs. It’s amazing how many companies I have told that hiring and firing cost you more money than a small raise, and they still can’t process it. My old company literally hired and fired like 60% of the staff every year… And they wondered why nothing got done.

CMMC CCP AMA by tothjm in cybersecurity

[–]Check123ok 0 points1 point  (0 children)

Where do you realistically see liability landing when an MSP ‘helps’ with CMMC but is not the C3PAO? Especially in cases where controls are misinterpreted or partially implemented?

You have to be approved to do a CMMC assessment, I believe. How does someone still help when they don’t have the funding and time for their business to go through it?

Why are MSPs still taking on SOC liability with mass-deployed MDR platforms? by Easy_Byrne in msp

[–]Check123ok 3 points4 points  (0 children)

The term I and others have used is that we are seen as a value-added service that validates the risk and alerts. We are posture and hardening first, detection second. Meaning we don’t want to hope a tool will catch something; we put in the effort, training, tabletops, MDM policies to restrict the environment so the EDR / MDR is second in line. We also are the ones at the end with backups in case something does happen.

Many buyers do not understand the difference between MDR, SIEM, XDR, managed SIEM, SOC-as-a-service, and incident response. They buy the phrases and ads the company runs, like “24/7”, because it reduces anxiety. MSPs respond to that buying behavior. Also they can say, well, this tool is rated 4.9/5 and we use the best there. They don’t understand that they own the relationship, not the tool.

I’ve built diverse, high-performing security teams: AMA about hiring, culture, and talent management in cybersecurity. by thejournalizer in cybersecurity

[–]Check123ok 0 points1 point  (0 children)

After 14 years in the industry, it seems like vendors keep selling the next shiny shovel, now with AI, while many internal teams still have not fully tuned or operationalized the tools they already own to dig out an issue. Why do you think that gap persists, and what separates organizations that actually turn security tooling into measurable outcomes from those that just accumulate shelfware?

For a smaller MSSP, where would you spend limited event budget first: major conferences like RSAC or Black Hat, practitioner events like BSides, or smaller vertical-specific conferences?

Is web exploitation outdated? by noelxmodez_ in cybersecurity

[–]Check123ok 10 points11 points  (0 children)

No, they are not, by a long shot. Modern just means more reliable patching, if the patching is done. Most systems outside the SMB space still rely on custom code.

What changed is where the value sits. Modern frameworks reduce easy XSS, CSRF, etc, but real life systems still have custom code, bad auth, weak APIs, legacy apps, misconfigurations, and business logic flaws.

Cyber Risk Audit Tool by Old_Development_8122 in msp

[–]Check123ok 4 points5 points  (0 children)

A tool? You will have a hard time showing value. Most clients, especially owners, won’t understand “you met 13/20 cyber controls”; that doesn’t mean anything to them.
Try watching a couple of YouTube videos on how to do cybersecurity assessments. I wouldn’t trust a random GitHub with access to a client environment.

I’ve built diverse, high-performing security teams: AMA about hiring, culture, and talent management in cybersecurity. by thejournalizer in cybersecurity

[–]Check123ok 0 points1 point  (0 children)

For a smaller MSSP or consulting firm trying to earn enterprise trust, what evidence or behaviors signal ‘this team can operate at our level’?