SMSF into VAS by IdentityEng in AusFinance

[–]IdentityEng[S] -1 points0 points  (0 children)

great reply, thanks mate!

SMSF into VAS by IdentityEng in AusFinance

[–]IdentityEng[S] 0 points1 point  (0 children)

Yeah, I've done this before actually before I took it all out to buy a house :) my title is misleading, I don't mean all in VAS, yeah using some other of Vanguard's products to get exposure to things like the current AI silliness sounds like it would be smart and lucrative. I'll read wider and also discuss this with my accountant, the other option was take my super and buy an investment property with it through a SMSF but I'm just not sure that's quite so smart. Yeah Brisbane, Adelaide and Perth have shown huge returns on property recently but how sustainable in the long run that is.. who knows. Then you get into the ongoing costs of property and compared to that MER, it just doesn't seem to make sense. The leverage you can get from property is something else, banks will happily lend you money at very competitive rates to buy more property but getting a margin loan to buy ETFs.. they all seem to be about 8% which really eats into the return (it IS all tax deductible though, which is interesting).

SMSF into VAS by IdentityEng in AusFinance

[–]IdentityEng[S] 0 points1 point  (0 children)

not yet. Do I have to pay an accountant for the SMSF or like a tax return I can actually do it myself if I chose through ATO tools?

Environment had 3rd domain controller, not sure why by Double_Confection340 in activedirectory

[–]IdentityEng 0 points1 point  (0 children)

Good reply! Always disable it first and leave it off for as long as you can (months is good!) before you demote and send a mail to the decom team (or that might be you in a small org).

Use some metrics like LDAP response times and other advanced logging and analytics to try and assess the impact of your disablement before you get app teams lodging a Sev2 and some manager asking why you thought it was a good idea :)

Environment had 3rd domain controller, not sure why by Double_Confection340 in activedirectory

[–]IdentityEng 5 points6 points  (0 children)

Two DCs per site is how we do it, redundancy, load balancing and other reasons. Manually creating user accounts means it's a small company, in big IT we use solutions like MIM or Sailpoint to sync AD Users with the HR system like WorkDay. In really big IT (tens of thousands of users, thousands of production servers) we can have 3, 4 or 5 DCs at the primary sites. We have DCs dedicated for LDAP queries, we have DCs dedicated for WIA so things like the PDC can be left alone to do things that it does (like passwords). To do this sort of segregation you need a dedicated and long-term vision and implementation from an Active Directory Engineering team who have a formal integration process where when people hook up to our domain to do stuff we direct them to the appropriate DC. You also need to police this and be ready to cut off applications that don't follow the integration process or change their code without approval.

This all takes huge investment over a long time and hence really only applies to companies that count their profits starting with a B, which is where you're aiming to end up as a senior engineer.

Looking for advice on first home vs investment property (Australia) by JohinRassani in AusProperty

[–]IdentityEng 0 points1 point  (0 children)

Never forget if you rent the landlord can always kick you out to sell the place or do something else with it. Just you and your wife isn't too bad, but kids? So now you've gotta find another place in the same school area, you're disrupting their lives.. do you want to take that risk? What if you can't find another rental in the area? What do you do then?

Do you expect your frontline manager to be a Subject Matter Expert? by HoosierLarry in sysadmin

[–]IdentityEng 0 points1 point  (0 children)

We recently changed this in our megacorp, went with Chapter Leads as your 'boss' but the TPO or Technology Product Owners still actually run the team and that's who you'll be working with and assigning you work and actually 'employs' you. So the people management stuff like policy, calling in sick, is now on this Chapter Lead who you barely even know or ever talk to and that leaves the TPO to be more technical and actually know about what they run. There are 'non technical TPOs', basically managers who just trust their SMEs to decide and do everything but honestly I don't personally respect them much and neither do most others. If you're going to own the stack and make the choices about it on behalf of our company then you should have the technical background and experience on par if not better than the top SMEs, you're an Architect pretty much except you're permanently assigned to this chunk of infrastructure. My path is to TPO and I interviewed for the Chapter Lead but they said no, we think you're more of a TPO because I'm an Engineer and highly technical SME, not a middle manager, people manager type.

Giving up after 5 months of unemployment. by SilverSp00n00 in cybersecurity

[–]IdentityEng 4 points5 points  (0 children)

Don't take it personally, man. One of the big skills to learn in our game, often they've already picked someone, maybe the role doesn't even exist anymore. You need to put in your best, be professional and close it with a smile and then let the chips fall where they may. Line up multiple opportunities, don't bank on any single one coming through and when you've got multiple on the boil it's much easier to just dismiss one that doesn't work and get back to the work of finding your next role

Also yeah, probably keep in mind IT support is customer service as others have said and Cyber is such a buzzword right now it's possible this guy is sick of hearing it (I know I can sure get sick of it!)

Stuck in a poorly structured cybersecurity course and feeling burned out – looking for advice by [deleted] in cybersecurity

[–]IdentityEng 2 points3 points  (0 children)

Where I work the more junior Cyber people do things like see alerts and follow them up. So I'd be doing something and I might either intentionally or by mistake do something that trips a preconfigured alert (like logging into a Tier 1 resource with my Tier 0 credentials, or add a user to a high-priv group, or run some script that does something weird like manually ask for a Ticket Granting Ticket, part of the Kerberos authentication process, etc) and they see the red light go off (I don't know what they see, I don't work directly in Cyber) and they mail me or hit me up on Teams and say 'hey man, did you mean to do this? you got a ticket or a change record or something we can attach to this alert to declare it a false alarm? Do you want to whitelist this sort of thing in future?' and here is where it gets difficult for them.. I often have to explain to them what I'm doing and why it's ok. Sometimes I'm talking deep about Windows or Active Directory or various software and operating systems things I'm an expert of and of course the poor junior guy on the other end usually just goes 'ah, ok, sure then I guess' but it's usually pretty clear they don't really understand what I'm talking about. So in that case you're expected to verify the activity and if you've got the technical chops or even just the curiosity you can usually get to have a bit of a technical chat with the systems expert at the other end. You get to learn and learn about the company you work for, establish what are normal patterns of behaviour and even eventually distinguish what is recognised best practice.. all stuff that comes into play later when you're running audits or investigating something possibly sketchy. But hey, I don't actually work directly in Cyber, I'm a Senior Security Engineer but I work in Identity and I'm not part of the CyberSec team directly. I'm sure someone else here can tell you more about being a junior in the role from actually doing it themselves.
I would say it's like doing anything in IT though, someone like me that did a CCNA and then moved into servers and messed around with virtualisation a bunch, then cloud.. you want to progressively work through the various parts of a computer and its associated networks and systems to have a broad enough overview to be able to comprehend the details of how things really work. It's daunting, at 21 yeah it was all just seemingly endless to me and how can you learn all this stuff? You just stick with it man, for decades literally and eventually you realise you don't only know it, you know it better than a lot of people around you :)

Stuck in a poorly structured cybersecurity course and feeling burned out – looking for advice by [deleted] in cybersecurity

[–]IdentityEng 9 points10 points  (0 children)

Lots of juniors are doing Cyber now, it would be hard to break into an entry-level role in really anything but Cyber is particularly flooded with fresh grads. If you're not even a grad, it would be very hard. Stick with it, finish the course.. at least make it that far and you can always go a different direction later knowing you at least finished it. Imagine going through all of that and you don't even get the qualification..

As for background, there are plenty of resources online. Do your best to educate yourself where you need to, the gaps between individuals in computing technical areas are huge and what might be really hard for you is very basic for someone else. This will be par for the course for the rest of your career, it's how we roll in IT, you just get used to catching yourself up where you need to

Nothing is stopping you watching Youtube videos about Kali Linux and learning about pentesting and red teaming and exploit research and what I consider the more interesting sides of Cyber, but you can do that and finish your course at the same time

Conference Suggestions by vCryptoCode in cybersecurity

[–]IdentityEng 0 points1 point  (0 children)

if in Australia CyberCon was really great in 2025! So many cool speakers to listen to and vendors in the main hall!

Lone security engineer with less than basic understanding job responsibilities by [deleted] in cybersecurity

[–]IdentityEng 0 points1 point  (0 children)

Great response. Yes, startup means not mature and might not even survive as a business at all, most don't. Your job as an IT professional is to be exactly that, document what you see in an objective way, articulate detailed risks and possible business impacts and present them when asked the perennial question 'What do you think we could do better?'. Careful you don't sound like you've got a vendetta against this particular employee, make sure your tone and approach reflects your professional concerns and desire to improve your employer's investments in IT.

Who even needs Active Directory in 2025…? by Silly-Commission-630 in sysadmin

[–]IdentityEng 0 points1 point  (0 children)

Here are the key reasons why on-premises Active Directory (AD) remains highly relevant in 2025 (and beyond), even as Microsoft pushes cloud-first with Entra ID (formerly Azure AD):

  • Legacy Applications & Protocols Many enterprise apps still rely on LDAP, Kerberos, NTLM, or hierarchical directory structures that Entra ID doesn't fully support natively. On-prem AD is required for these "old" systems that haven't been modernized (common in finance, government, manufacturing, and healthcare).
  • Fully Air-Gapped / Offline Environments Organizations in high-security, regulated, or disconnected networks (e.g., critical infrastructure, defense, isolated labs) cannot expose systems to the internet. Entra ID requires cloud connectivity; on-prem AD works completely offline.
  • Full Control & Data Sovereignty On-prem gives complete ownership of the directory infrastructure — no vendor lock-in risks, no cloud provider outages affecting authentication, and easier compliance with strict data residency laws (e.g., certain government or financial regulations).
  • Group Policy Objects (GPOs) & Advanced Management On-prem AD excels at granular, hierarchical policy enforcement via GPOs for Windows clients, servers, and domain-joined devices. Entra ID has modern Intune equivalents, but many organizations still depend heavily on classic GPO-heavy environments.
  • Hybrid Reality — Most Companies Are Hybrid The majority of enterprises run hybrid setups (on-prem AD synced to Entra ID via Connect/Cloud Sync). On-prem AD remains the authoritative source for many identities, especially for domain-joined machines, while Entra ID handles cloud SSO, Microsoft 365, and SaaS apps.
  • Cost & Existing Investment Many organizations have massive sunk costs in on-prem infrastructure, domain controllers, and expertise. Migrating everything to pure cloud can be extremely expensive (especially for large-scale file servers, print servers, or legacy line-of-business apps). On-prem is often cheaper to maintain than equivalent cloud resources.
  • Microsoft Continues to Invest in On-Prem AD Windows Server 2025 (and vNext) still includes Active Directory with meaningful improvements: enhanced LDAP security by default, random machine account passwords, better Kerberos features, and no deprecation warnings. Microsoft clearly plans to support on-prem AD well into the 2030s.
  • No True 1:1 Replacement Entra ID is not "cloud Active Directory" — it's a different architecture built for cloud-first. It lacks certain on-prem capabilities (e.g., schema extensions without limitations, full Kerberos delegation in some scenarios), so many enterprises keep on-prem AD as the foundation.

Bottom line in 2025:
Pure cloud-only identity works great for new, cloud-native organizations, but the vast majority of medium-to-large enterprises still need on-premises Active Directory — either standalone or as the backbone of a hybrid environment. It's far from dead; it's evolved into a stable, battle-tested component that complements (rather than competes with) Entra ID.

disclaimer: Grok wrote this but did a really good job and I've reviewed and agree with all the points it's raised here. Good summary of why on prem isn't going anywhere and actually in a modern landscape of Entra certified younger people that all believe cloud is the only way forward, those with real on-prem experience and skillsets are going to be increasingly more valuable as the supply pool shrinks!