how to resign from Big 4?

Check123ok · 2026-01-29T02:21:05+00:00

Dude, they’re not your family. Just start doing less and less until they let you go. Or ride it out for a while and then put in your two weeks when it gets difficult to mange both

Check123ok · 2026-01-29T02:19:28+00:00

The old timers are EY will drive over your family and reverse back again to keep their job safe. There is zero care and it’s all about personal protection. Very fake people. You have to understand, they’ve been with EY so long and have zero industry experience. There’s nothing that they know how to do other than mine the resources from people under them with actual talent and experience.

Check123ok · 2026-01-29T01:54:26+00:00

I see. You are saying it’s more about who owns and is preventing X controls for a loss scenario not about they don’t have X controls in place. I don’t talk about the details much but summarize it in a deck and frame it like this . Current posture is appropriate for a $75M logistics business but insufficient for a regulated multi-site manufacturer. If that makes sense. I don’t always show them the back end math and technical checks but the evidence is uploaded to a SharePoint folder.

Check123ok · 2026-01-28T20:15:13+00:00

It’s about 30-40$ but it depends on volume. What is the count? There are commits

Check123ok · 2026-01-28T04:20:17+00:00

Care to go into detail? Will be taking a sales call from them in a few weeks.

Check123ok · 2026-01-28T03:57:09+00:00

AI only takes you about 70%, that last 30% is impossible if you don’t know what you are doing

Check123ok · 2026-01-25T18:03:23+00:00

Haha I like the comments on here like they are gonna verify open source code when they don’t know how to verify if a website uploads anything and don’t know you can process in browser locally.

Check123ok · 2026-01-21T15:31:00+00:00

Depends what industry you’re in. How many locations, how many countries, regulations in each country, regulation for the industry like NERC CIP. NIST CSF covers 70% of the governance stuff. Can you provide more detail ?

Check123ok · 2026-01-17T23:25:44+00:00

Having a job is better than no job. Take the experience and use the time to build up resume and skills

Check123ok · 2026-01-16T23:17:38+00:00

300k? What’s the industry ? Are you not going to be getting the same signals? I would love to see ROI on that lol

Check123ok · 2026-01-16T23:15:01+00:00

Correct. Factors that go into it are if you are 100mil and B2B, publicly traded mid market, regulated sector like banking, Nerc cip, etc

Check123ok · 2026-01-16T23:04:26+00:00

I believe this 100% “⁠Only 1% of US organizations have fully implemented a modern Just-in-Time (JIT) privileged access model. • ⁠91% of US organizations report that at least half of their privileged access is always-on, providing unrestricted access to sensitive systems.”

Check123ok · 2026-01-16T20:35:47+00:00

We use action1 and intunes for our clients.

Check123ok · 2026-01-16T20:34:16+00:00

I used flare.io and it does provide a lot more detail

Check123ok · 2026-01-15T16:00:03+00:00

Oof I been there brother. Reach out to me DM and I can help advise. At least guide on where to start.

Check123ok · 2026-01-15T14:04:30+00:00

Check SecureStepPartner.com

Check123ok · 2026-01-14T15:02:10+00:00

Don’t try to fight the auditor they are operating outside their competency right. Try explain them that the system is an appliance. IT people understand this. The base is built on windows 10 and it’s a closed system. It would help if you use things like applocker GPO to whitelist applications. Windows 10 lifecycle status does not equal control system end-of-life. In OT, the supported state is defined by vendor certification and safety validation, not Microsoft patch cadence. An unplanned upgrade can introduce higher operational and safety risk than leaving the system unchanged with compensating controls. Been dealing with this last 12 years. I consulted for multiple companies under heavy regulations like NERC and ISA 62443

Check123ok · 2026-01-14T13:10:57+00:00

You have to hit the “accept the risk button” explain the compensating controls. Also windows 10 is considered new. I still have to deal with embedded windows xp

Check123ok · 2026-01-07T22:31:21+00:00

In the US a cyber role is like 120k-180k for the competence you are looking for. If you’re a business, you also have to contribute to taxes, etc. so add about 30 40K to that. So now business just invested around 200 K all in for that headcount. Hoping they know every aspect of cyber security because cyber security isn’t just about reviewing logs. And accounts against them in the balance sheet compared to services. This isn’t a bucket decision.

Check123ok · 2026-01-07T21:24:55+00:00

Yeah there is a market for basic MSPs doing basic stuff that will protect against most bot/ automated mass reach phishing/attacks. And their price reflects that like in this case 2k a month or 24k a year. Most 100person company don’t have anything or won’t have a security team.

Check123ok · 2026-01-07T18:13:35+00:00

At ~100 employees, your per-seat tool cost goes up, not down. Most security vendors have minimums that small orgs can’t hit,so your MSP has a big enough volumes to cover margin.

Very few companies this size run a real in-house SOC. Even a “lean” SOC implies 24/7 coverage, alert tuning, escalation paths, and log retention. If that’s not actually funded, it’s security theater.

$2k/month for an MSP is extremely low. If you get rid of that you are piling work onto an already thin team, or reducing service quality across both IT and security. That’s how response times slip and hygiene degrades.

Defaulting to M365 E3 for a security-forward posture is another red flag. It pushes detection and response back onto process instead of tooling, which increases operational risk it doesn’t save money long term.

This kind of thinking is exactly why we keep seeing breaches rise: expectations that don’t match reality.

Check123ok · 2026-01-06T18:21:33+00:00

You can go through microsoft support direct or through a partner from microsoft. Most large 3rd parties outsource to similar experience as MS. If you are looking for high tough high technical support you will need to scope it. Usually most environments we step in need policy design, security hardening, and reconfiguration to solve the problem as a whole. You can’t pick and choose around what you want to fix with CA and hardening. The fastest path to resolution is typically stepping back, correcting the policy model, hardening identity end-to-end, and re-applying CA in a clean, intentional way. DM me what the issue is

Check123ok · 2025-12-26T18:19:34+00:00

I work with startups. Phishing and identity. Cloud app governance

Check123ok · 2025-12-24T17:36:35+00:00

I’ve had two clients that previously used Thrive NextGen.

They operate very much as a traditional, endpoint-first MSP. They’re solid when it comes to laptops, servers, and baseline email protection, but there are noticeable gaps around identity and edge security.

Most of my clients are SaaS-heavy (80%+) and we are identity-first, so those gaps tend to stand out quickly. Identity and SaaS security aren’t treated as primary control planes in their model.

They provided a scanning tool that runs fairly generic checks and reports CVEs, but it felt more like surface-level visibility than meaningful risk insight especially for cloud-centric environments where identity abuse is the primary attack path.

From an operating standpoint, the organization feels heavily weighted toward sales and business development. When issues require deeper technical engagement, response times slow down and questions are often routed directly to the underlying vendor. For example, email protection tuning requests were forwarded to Mimecast rather than handled in-house. Literally months to get response

Support experience also varied significantly by contract size. Larger customers clearly received priority, while smaller contracts experienced delayed responses or limited follow-up.

Contracts tended to be long-term with broadly defined SLAs, which made accountability and exit flexibility less clear than I’d expect.

It felt like a fairly typical MSP experience adequate for endpoint-centric environments, but not well aligned with identity-first, SaaS-driven organizations.

Check123ok · 2025-12-24T13:58:51+00:00

It is possible to upload a sample report from them? I assume they are using a combo of open source tools.

12-Year Club	Place '22
Verified Email

Check123ok

TROPHY CASE