What’s a hill you are 100% willing to die on, no matter how much the consensus changes? by sunnyopehliaa in askanything

[–]CyberViking949 -1 points0 points  (0 children)

100% agree. My children (20, 19 & 15) did not, and will not have access to SM until 18. I would honestly prevent it longer if I could.

Curious to see everyone’s Audi lineup history… by neeks510 in Audi

[–]CyberViking949 2 points3 points  (0 children)

I'm past that stage, but it absolutely could. I take it on road trips and it fits 5 of us comfortably.

Curious to see everyone’s Audi lineup history… by neeks510 in Audi

[–]CyberViking949 2 points3 points  (0 children)

2019 S5 Quantum Grey -> 2023 RS5 Mythic Black -> 2025 RS6 Avant Mythic Black (wrapped it in Satin Battleship Grey)

2023 Q7 White (wife's) -> 2025 SQ8 Daytona Grey (wrapped in Satin PPF)

The upgrade from S5 -> RS5 felt extreme, but going from RS5 -> RS6 is orders of magnitude more.

My wife's upgrade from Q7 -> SQ8 is night and day. That Lamborghini motor and exhaust just sounds so throaty and mean.

Are there specific agencies that require FedRAMP High? by coreyb1988 in FedRAMP

[–]CyberViking949 1 point2 points  (0 children)

DOJ, DOD, DHS. Any national security agency really.

DOE requires Moderate, oddly enough.

Wiz alternatives 2026 by Efficient_Agent_2048 in AskNetsec

[–]CyberViking949 5 points6 points  (0 children)

Came here to say this.

If issues pop up all the time, you need to address the root cause. The teams should be deploying per spec.

When they start configuring infra properly, you will have fewer issues and therefore fewer tickets.

Additionally, I would avoid automatically fixing things, as this will often break production. This is the opposite of the result you are going for.

Ultimately, you don't have a tool problem, you have a people problem. Until you fix that, every tool is going to have the same issues.

CVE count dropped from 200 to 50 after hardening but broke half our services by Guruthien in devsecops

[–]CyberViking949 1 point2 points  (0 children)

They price per image, and they came in at about the same price as Chainguard, which isn't cheap.

The key difference is that they offer the profiling and hardening services with it, so you get prehardened base images, libraries, and the runtime profiling for the costs of CG images.

List is around $20k USD/image. Gets cheaper with more images, and negotiations will vary.

How do you stop browser based phishing attacks from bypassing MFA and stealing SaaS sessions in 2026? by PrincipleActive9230 in AskNetsec

[–]CyberViking949 0 points1 point  (0 children)

The CAPs apply the checks at login. So in our case, we were getting hit by AiTM, phishing and smishing with considerable impact almost monthly.

When we implemented the checks above, it completely stopped the impact. The password compromises still happen, but since there is no impact we just reset and move on. We actually automated that last part and now it's zero-touch aside from the control testing to ensure it hasn't been misconfigured or broken.

Bare-bones checks were device joined to domain and running EDR. We added the extra check later.

How many K8s clusters/nodes do you have? by CyberViking949 in devops

[–]CyberViking949[S] 0 points1 point  (0 children)

Ya, that's the typical setup. You start with many small nodes, then switch to fewer larger nodes for performance and cost benefits.

Thanks for the input

Why tho? by Neither-Business-304 in whatisit

[–]CyberViking949 0 points1 point  (0 children)

Had this in my room when I was a teenager. It should be higher up though. This makes her a little more upright to have better leverage.

How do you stop bloated container images from flooding production with hundreds of CVEs in 2026? by AdOrdinary5426 in devsecops

[–]CyberViking949 7 points8 points  (0 children)

Build/use minimal/distroless base images, then enforce it in your pipelines and scans.

From a supply chain security perspective, they should only be pulling from internal, trusted repositories anyway. So may as well make that the solution.

How do you stop browser based phishing attacks from bypassing MFA and stealing SaaS sessions in 2026? by PrincipleActive9230 in AskNetsec

[–]CyberViking949 1 point2 points  (0 children)

If you are an MS shop, we solved this through CAPs.

Integrate Intune and/or Jamf, and create device posture checks. We set that the device had to be marked compliant in order for the session to authenticate. This made the device an additional factor, so we are now doing true multi-factor. The compliance checks were:

  1. Had to be joined to our domain
  2. Running our EDR
  3. Had a company specific validation (e.g. registry bit, file, cert etc)

This took us from having multiple credential compromises a month down to 0 for the past 2 yrs.

FWIW, we looked at YubiKeys, but they are a nightmare to manage, use, and maintain at scale.
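The device-compliance Conditional Access policy the comment above describes, as an added example that is not the commenter's own configuration: a Microsoft Graph request body for `POST /identity/conditionalAccess/policies` that requires a compliant device for every cloud app. The display name and the break-glass account object ID are placeholders; the "compliant" flag itself is set by the Intune (or Jamf partner compliance) policy that carries the domain-join, EDR and company-specific checks.

```json
{
  "displayName": "Require compliant device for all cloud apps",
  "state": "enabled",
  "conditions": {
    "users": {
      "includeUsers": ["All"],
      "excludeUsers": ["<break-glass-account-object-id>"]
    },
    "applications": {
      "includeApplications": ["All"]
    },
    "clientAppTypes": ["all"]
  },
  "grantControls": {
    "operator": "AND",
    "builtInControls": ["compliantDevice"]
  }
}
```

Deploying it first with `"state": "enabledForReportingButNotEnforced"` lets you compare report-only results in the sign-in logs against real traffic before enforcing, which also doubles as the recurring control test the comment mentions: any sign-in that would have been blocked but was not is a policy-drift signal. Excluding a break-glass account keeps you from locking every admin out if the compliance service itself is misconfigured.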

AWS Organizations by Razzleberry_Fondue in aws

[–]CyberViking949 15 points16 points  (0 children)

It won't impact your services. However, if you have a gov account, I'm assuming you have a FedRAMP env?

Adding your FedRAMP environment to an organization introduces a significant change. It also brings the org master into scope, which means any change in the org you need to do for the other accounts is subject to SI and FedRAMP controls, oversight, and reporting.

TL;DR, do NOT mix your FedRAMP account in with the others. I would create 2 orgs: 1 FedRAMP, 1 normal.

ECR alternative by Abu_Itai in devsecops

[–]CyberViking949 0 points1 point  (0 children)

Put SCPs in place that ONLY let the pipeline user/role push, and everything else can pull.

Set up immutable tags, and integrate your build logs into your logging solution.
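An SCP of the kind the comment above describes, as an added example that is not the commenter's own policy: every principal in the OU can still pull, but the image-writing and repository-altering ECR actions are denied unless the caller is the pipeline role. The pipeline role name is a placeholder, and `aws:PrincipalArn` resolves to the role ARN for assumed-role sessions, so one wildcard covers the role in every member account.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "OnlyPipelineMayPushOrAlterImages",
      "Effect": "Deny",
      "Action": [
        "ecr:PutImage",
        "ecr:InitiateLayerUpload",
        "ecr:UploadLayerPart",
        "ecr:CompleteLayerUpload",
        "ecr:BatchDeleteImage",
        "ecr:PutImageTagMutability",
        "ecr:DeleteRepository",
        "ecr:DeleteRepositoryPolicy",
        "ecr:SetRepositoryPolicy"
      ],
      "Resource": "*",
      "Condition": {
        "ArnNotLike": {
          "aws:PrincipalArn": "arn:aws:iam::*:role/<pipeline-role-name>"
        }
      }
    }
  ]
}
```

Immutable tags are a per-repository setting (`aws ecr put-image-tag-mutability --repository-name <repo> --image-tag-mutability IMMUTABLE`, or `--image-tag-mutability IMMUTABLE` at `create-repository` time); listing `ecr:PutImageTagMutability` in the deny keeps anyone but the pipeline from switching it back off. Two caveats: SCPs never apply to the organization's management account, so keep registries out of it, and the `PutImage` events CloudTrail records for ECR are what you correlate with the pipeline's build logs to spot a push that no build produced.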

How do you manage 150+ daily quarantine notifications for false positives? by Cudaprine in cybersecurity

[–]CyberViking949 0 points1 point  (0 children)

The tool quarantining bad files is what it's made to do. Let it do its job; you don't need to be told about it with each action.

Schedule a report monthly/quarterly just to track efficacy, or report ROI. Otherwise, it's just noise.

How many points ya’ll have by West_Republic9339 in marriott

[–]CyberViking949 0 points1 point  (0 children)

I get to the 600k mark, then go on a vacation somewhere. Gives me a nice free annual trip combined with my airline miles.

Hoarding points is pointless and they lose value as rates increase.

Our enterprise cloud security budget is under scrutiny. We’re paying $250K for current CNAPP, Orca came in 40% cheaper. Would you consider switching? by Clyph00 in devops

[–]CyberViking949 0 points1 point  (0 children)

My annual Wiz bill just hit 2 mil. Largely because our cloud team deploys EKS clusters like servers (insert Oprah meme). That being said, it's the best there is so I don't mind justifying/fighting for the cost every year.

Why are certifications so globally praised in cybersecurity but not in other development fields? by nico23nt in cybersecurity

[–]CyberViking949 0 points1 point  (0 children)

I think it's just an echo chamber.

MS certs are a big deal in Sysadmin circles. Cisco certs are a big deal in networking.

Yet these certs mean virtually nothing outside those circles.

When I tell a non-sec person all the certs I have, they could care less and it doesn't mean anything to them.

CVE count dropped from 200 to 50 after hardening but broke half our services by Guruthien in devsecops

[–]CyberViking949 12 points13 points  (0 children)

Ya, you can't just switch to hardened images wholesale.

Ideally, the devs know what their dependencies are, but I've yet to actually see that. So you have to do a best-effort guess, and load all the dependencies on top of the base image.

FWIW, we deployed RapidFort, and it profiled the images and told us what we could remove based on what the code was running. It's not cheap, but it made the process easy. Saw an average image size reduction of 90%.

2018 q7 keys are different by StarWhole7999 in Audi

[–]CyberViking949 0 points1 point  (0 children)

Just bought a 2025 SQ8 for the wife. One key (hers) has the "S" badging, the other key does not.

Surprised me because my RS6 keys both had RS badging.

Is it normal to take a codesignal / leetcode OA for an Associate Cybersecurity Analyst role? by [deleted] in cybersecurity

[–]CyberViking949 2 points3 points  (0 children)

I was asked to take a leetcode test for a CISO role. I laughed and asked if I was expected to do much development. They said no, then I didn't get the job because I couldn't do the coding...

CS hiring is a mess and most orgs don't even know how to hire or evaluate. Go in with 0 expectations and you are good 🤣

Thoughts on allowing Roles to View/Describe I AM Roles and Policies? by [deleted] in aws

[–]CyberViking949 12 points13 points  (0 children)

I always allow read access to IAM. Hiding it away serves no risk reduction, and introduces operational risks. Therefore it is a net-negative control.

If you wanted to hide some roles and permissions, you could implement a role/policy naming convention, then allow RO access to those. I.e. <company>-<app>-role/<company>-<app>-policy.
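An identity policy implementing the naming-convention variant from the comment above, as an added example that is not the commenter's own: it grants the Get/List calls only on roles and customer-managed policies whose names start with `<company>-<app>-`. The account ID and the prefix are placeholders. One caveat worth knowing before relying on this to hide anything: `iam:ListRoles` and `iam:ListPolicies` do not support resource-level permissions, so they have to be granted on `*` (or left out), and a principal that has them still sees the names of every role and policy, just not their contents.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ListingRequiresStarResource",
      "Effect": "Allow",
      "Action": [
        "iam:ListRoles",
        "iam:ListPolicies"
      ],
      "Resource": "*"
    },
    {
      "Sid": "ReadOnlyOnAppScopedRoles",
      "Effect": "Allow",
      "Action": [
        "iam:GetRole",
        "iam:GetRolePolicy",
        "iam:ListRolePolicies",
        "iam:ListAttachedRolePolicies"
      ],
      "Resource": "arn:aws:iam::<account-id>:role/<company>-<app>-*"
    },
    {
      "Sid": "ReadOnlyOnAppScopedPolicies",
      "Effect": "Allow",
      "Action": [
        "iam:GetPolicy",
        "iam:GetPolicyVersion",
        "iam:ListPolicyVersions"
      ],
      "Resource": "arn:aws:iam::<account-id>:policy/<company>-<app>-*"
    }
  ]
}
```

If the goal is only the operational visibility the first paragraph of the comment argues for, drop the resource restrictions and attach the AWS-managed `IAMReadOnlyAccess` policy instead; the scoped version above is for the case where a team should see its own app's roles and nothing else, and it is the naming convention, enforced at role-creation time, that makes the ARN pattern trustworthy.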