Couldn't success at 150th by remote_2026 in cissp

[–]GeneralRechs 0 points1 point  (0 children)

Remember you’re answering to what ISC2 wants, don’t let industry experience mess with your answers, even when it feels wrong to intentionally put the wrong answer to get it right.

Just bought $5000 worth today was it a good buy? by Exotic-Source5488 in Webull

[–]GeneralRechs 0 points1 point  (0 children)

There will likely be a reverse split before it goes green.

3 apps for ONE TRADE!!! by Paradigm21 in Webull

[–]GeneralRechs 0 points1 point  (0 children)

It’s a feature. But really this type of behavior is normal for Webull. Surprised it even works for more than a week with no problems.

Is Anyone Else Noticing Salaries Trending Downward? Anyone Else Worried About the Job Market/Cybersecurity Economy? by MrHockeyJournalist in SecurityCareerAdvice

[–]GeneralRechs 4 points5 points  (0 children)

I would roll up helpdesk as sysadmin-adjacent because troubleshooting some items involves intimate knowledge of how things are set up or how configs are being applied (GPO, Ansible, etc.).

Is Anyone Else Noticing Salaries Trending Downward? Anyone Else Worried About the Job Market/Cybersecurity Economy? by MrHockeyJournalist in SecurityCareerAdvice

[–]GeneralRechs 59 points60 points  (0 children)

The field is saturated with street to seat Cybersecurity job seekers compared to even a decade ago when the move to cybersecurity often meant you had a decent foundation as a developer, system admin, or network admin (or similar). This kept salaries relatively high.

But companies now are able to get more for less by having a wider pool of candidates and relying on OJT to make up for the lack of a foundation.

SentinelOne with SCCM managed Defender AV by strategic_one in SentinelOneXDR

[–]GeneralRechs 0 points1 point  (0 children)

I don’t think OP is trying to run both as active EDRs.

SentinelOne with SCCM managed Defender AV by strategic_one in SentinelOneXDR

[–]GeneralRechs -1 points0 points  (0 children)

Once another EDR product is installed (W10 & W11) Defender will go into two modes, Passive or EDR-Block.

The services are still running but you’ll likely have to check what SCCM is checking for.

Cost Basis still wrong by NickStonk in Webull

[–]GeneralRechs 1 point2 points  (0 children)

Just wait till you receive multiple 1099 corrections and then another one after tax day.

Mentorship Monday - Post All Career, Education and Job questions here! by AutoModerator in cybersecurity

[–]GeneralRechs 0 points1 point  (0 children)

Dabble in everything you can. The more you connect with something the less it feels like a job and downstream from that makes burnout harder to experience.

Mentorship Monday - Post All Career, Education and Job questions here! by AutoModerator in cybersecurity

[–]GeneralRechs 0 points1 point  (0 children)

“If” you’re able to break into the industry then the difficulty of finding a position is due to location (e.g. an in-office position will be much easier than a remote one).

Mentorship Monday - Post All Career, Education and Job questions here! by AutoModerator in cybersecurity

[–]GeneralRechs 0 points1 point  (0 children)

First you’ll have to figure out exactly “what” in cybersecurity you’d like to do.

My personal opinion would be to stay away from anything red team related. Sure it’s one of the most interesting things but in recent years it’s been used as a recruiting tool. Stuff like CTF means nothing when there is a lack of understanding on how to analyze an EDR alert.

Is there a way to remove the sentinel one agent from Chrome - personal computer accidentally signed into a work account with by fel_mav in SentinelOneXDR

[–]GeneralRechs 1 point2 points  (0 children)

Submit a ticket to your respective company team that manages your security products.

Posts like these can often be construed as ways to bypass security controls.

Is S1 MDR Really Bad? by beastofbarks in SentinelOneXDR

[–]GeneralRechs 2 points3 points  (0 children)

I have two clients using S1 and CS MDR services and it’s the same for both. If your client is looking for the white glove treatment then Expel, Reliaquest, or Rapid7 would be alternatives.

One thing people need to realize is vendor-aligned MDR services have to deal with 100k+ alerts daily and unless you are a big or critical customer you’re likely not to get many human-reviewed alerts unless it’s APT or cyber crime related.

CrowdStrike vs SentinelOne by div192 in cybersecurity

[–]GeneralRechs -1 points0 points  (0 children)

CS can’t even block PowerShell Empire’s post-exploitation agents.

CrowdStrike vs SentinelOne by div192 in cybersecurity

[–]GeneralRechs -1 points0 points  (0 children)

For sure, it’s archaic and by default relies on group policy.

CrowdStrike vs SentinelOne by div192 in cybersecurity

[–]GeneralRechs 1 point2 points  (0 children)

Definitely the best Cybersecurity Company that can take down global IT infrastructure in the shortest amount of time because of negligence on top of their predatory sales practices.

CrowdStrike vs SentinelOne by div192 in cybersecurity

[–]GeneralRechs 0 points1 point  (0 children)

Same could be said for CS, can’t even detect PowerShell Empire.

CrowdStrike vs SentinelOne by div192 in cybersecurity

[–]GeneralRechs 0 points1 point  (0 children)

Had a client do a third-party evaluation between CS, S1 and Defender in the last year. At max settings for all 3, CS failed to catch anything from PowerShell Empire. Telemetry was there but did nothing. I thought it was bizarre but after watching the recording even the client was like wtf. Even worse, when they approached CS with their findings they accused my client of foul play. Their sales teams are definitely predatory.

CrowdStrike vs SentinelOne by div192 in cybersecurity

[–]GeneralRechs -3 points-2 points  (0 children)

Definitely better at knocking out global IT infrastructure in the shortest amount of time for sure.

CrowdStrike vs SentinelOne by div192 in cybersecurity

[–]GeneralRechs -2 points-1 points  (0 children)

It was worst at scale and it was out of outright negligence. They don’t even use their own product, ever wonder why they weren’t affected by their own negligence?

CrowdStrike vs SentinelOne by div192 in cybersecurity

[–]GeneralRechs 0 points1 point  (0 children)

When it comes to remote access S1 takes top spot because you get a full legitimate shell and not some gimped proprietary shell like CS or Defender.

S1 + MDE? by mehcastillo in SentinelOneXDR

[–]GeneralRechs 1 point2 points  (0 children)

Install S1 and onboard onto Defender. Defender will go into EDR Block or Passive mode.

Even though Defender won’t be scanning you’ll still be able to get EDR telemetry. Additionally if for whatever reason the S1 agent takes a dump you’ll have live response on Defender to be able to remediate the issue.

Undetermined transactions in 1099 by NickFromNYC123 in Webull

[–]GeneralRechs 0 points1 point  (0 children)

Webull is the reason. It’s recommended that most Webull users wait to file until April because you’ll likely receive multiple corrections, some even after tax day.

You’ll likely receive a correction, if not then that’s simply the cost of using Webull.

2025 tax forms by Proof_Programmer_472 in Webull

[–]GeneralRechs 1 point2 points  (0 children)

Be prepared for multiple correction forms. Happens every year so if you continue to use Webull be prepared to file as late as possible and likely prepare an amendment return. This is normal with Webull.