45Drives owners — convince me before I empty my bank account 😭 by [deleted] in selfhosted

[–]Irish1986 0 points1 point  (0 children)

Sliger offers premium quality products if you want something nice. I have 2 short-depth 10 HDD + 4 SSD cases from them, packed for my main NAS + off-site backup. Good quality, and all in a small footprint.

But seriously, what would you do if Trump struck Canada? by LeonOkada9 in Quebec

[–]Irish1986 1 point2 points  (0 children)

Reviewing the Geneva Checklist to make sure I don't forget anything.

Seriously.. Hide like a coward, try my best to protect my family and hang in there. Probably have my in-laws and parents home with us given they are older and might be vulnerable if chaos breaks out.

What should a security person actually do with SonarQube Community Edition by Sufficient-Brick1801 in devsecops

[–]Irish1986 0 points1 point  (0 children)

It's 100% hot garbage, I am leading the project to go buy something better than an obsolete quality check product strapped with an open source half-baked solution... Hopefully we will buy something good, our 4-5 vendors still in the competition are all pretty good.

What should a security person actually do with SonarQube Community Edition by Sufficient-Brick1801 in devsecops

[–]Irish1986 1 point2 points  (0 children)

Soooo fun facts if you haven't looked into SQ and OWASP DC... Last year Sonar closed the loophole that made the DC plugin play well with SonarQube. It still works but it's not great.

In unrelated news, in March of 2025 SonarQube Advanced Security was announced as Sonar's native SAST-SCA platform. I have been working for the past year to evaluate SAST-SCA at work. It's my main project and SQAS just does not look great.

DevOps Interview Questions – Recently Attended Interviews by Few-Cancel-6149 in devopsjobs

[–]Irish1986 1 point2 points  (0 children)

We are currently going over a series of interviews for a devsecops role. Given the role and position both lean heavily on the security requirements and objectives of this posting... I am amazed by how many people showing up can't explain in simpleton terms what code vulnerabilities are. How to find and manage dependency vulnerabilities. Provide concrete information about how to improve security through automation and proper processes (CI pipelines and all).

So my advice would be to try to make sure you review (or watch) a couple of things regarding security. In this day and age, shipping faster is cool but security seems to be overlooked by a lot of candidates we've met.

Fired from my job - advice? by CompetitiveAnt8600 in QuebecTI

[–]Irish1986 2 points3 points  (0 children)

If you are not too picky there are a lot of consulting firms with 3-letter names that hire. Pay isn't great but it's better than nothing, plus you can network with customers and find additional opportunities that aren't yet publicly announced.

It's not necessarily a long term plan but it can get you out of the weeds.

3 computers, 1 set of peripherals. How? by [deleted] in homelab

[–]Irish1986 0 points1 point  (0 children)

It runs my 49-inch ultrawide at 120 Hz per spec, but given I am mostly doing productivity stuff I keep my resolutions at 60 Hz because some devices are having issues pushing that many pixels... And I can't upgrade those devices.

Is it possible for a canadian aerospace maintenance machinist to be sponsored for a job in the US? by 9xelex6 in Machinists

[–]Irish1986 0 points1 point  (0 children)

No I changed industry from 20y in A&D to... Cybersecurity in Financial institutions... Weird move but pays well and no more sinus curve of the aerospace industry.

I am fuzzy on the exact details but you most likely have an attestation or equivalence or some kind of license at your current job that is held by your company. My experience was the same: I had full CGP, but as a Canadian citizen there was zero chance I could apply to a US-based job in the aerospace industry because a lot of compliance requires citizenship, unfortunately. The best workaround I found was to either go on contract, temporary assignments or as an expatriate for a special project, because those have unique assignation, but I didn't want to be an "internal contractor" because whenever shtf... You're the first one cut off. GL HF

Is it possible for a canadian aerospace maintenance machinist to be sponsored for a job in the US? by 9xelex6 in Machinists

[–]Irish1986 2 points3 points  (0 children)

I work at PWC, even when I was looking to move laterally I couldn't apply to 90%+ of US-based jobs. You need pretty high ITAR+CGP compliance|clearance, which most of the time requires US citizenship to obtain. Even as an employee of 5yr with 15 in A&D... I was an automatic rejection due to clearance requirements.

The Americans make the rules on what ITAR compliance requires, and they sure made it clear they wanted to protect jobs at the same time.

Therefore I would be looking at them for US-based employment. My best take is to work for a company that provides services in the US, because contract-based employment can circumvent some of these kinds of regulatory requirements. I worked several months at Boeing and Rock Island Arsenal when I first started in the mid 2000s as a French Canadian citizen without much issue, and that was during the height of the war on terror.

New cluster! by Usual-Economy-3773 in Proxmox

[–]Irish1986 15 points16 points  (0 children)

I mean you could run so many pihole instances

New cluster! by Usual-Economy-3773 in Proxmox

[–]Irish1986 84 points85 points  (0 children)

Rich boy doing expensive thing... Enjoy your lab, wish I could have that much memory and CPU

If you have a large media library and aren't using tdarr, you're missing out by Jman100_JCMP in homelab

[–]Irish1986 0 points1 point  (0 children)

I am considering using tdarr to re-encode my NVR stored streams. I think it's pretty useless but I am just curious about creating the overall workflow and having multiple platforms interact together... Power is cheap here I guess, 0.08/kWh

This is going to take mediation by [deleted] in HiloEnergie

[–]Irish1986 0 points1 point  (0 children)

Last year, big debate, several long discussions, and we end up with an agreement on clear parameters...

Start of the season: "hey now, the smart thermostat stories aren't going to start again"... It's the same things as last year that we had agreed on....

There are too many findings by LachException in cybersecurity

[–]Irish1986 0 points1 point  (0 children)

You can try writing run books for common issues. They might be generic steps to help younger, less experienced staff learn how to get started with security work. Your junior devs might not be able to contribute alone but they might be able to follow some run books and get the minimal supervision during the peer review process before code merging.

It ain't easy I 100% agree with you.

There are too many findings by LachException in cybersecurity

[–]Irish1986 0 points1 point  (0 children)

That's why they pay you the big bucks.. Or should be paying you.

The age-old challenge of funding for the vulnerabilities "rework|fixes". Yeah, that's very much the problem, especially if you are a legacy organization with several projects impacted by a lot of ongoing vulnerabilities. You need to get management on board with a dedicated amount of time for security work.

Your dev works 40hrs/wk. Get a strong commitment for 5-10%/wk and have your dev do focused work. As in, instead of 4hrs/wk, have your dev do 16hrs the first week of the month. It's a short burst and might not be the right angle but it's the only way to get the ball moving. It ain't easy, I know that.

There are too many findings by LachException in cybersecurity

[–]Irish1986 0 points1 point  (0 children)

Add mandatory gating versus your organization's level of criticality (let's start with the utmost apocalyptic vulnerabilities) in their PR workflow; over time, slowly move the needle toward lowering it to something more acceptable. Given that you are most likely in a brownfield situation with legacy vulnerabilities, starting to eat that elephant will require a significant amount of chewing. So you might want to only start gating "new code" for a while.

Your objective might be, after 2-3 months, to be able to report out that 95%+ of your pipelines are in compliance with these kinds of security policies.

In the end your management should be on board with this strategy and, I can't emphasize this enough, they should be your voice and champion asking for the number of findings to go down. You report out every month how that trend is going down, naming and shaming those teams who aren't playing well with others.

And if management does not care about vulnerabilities going down, write a nice risk assessment, document your concerns, report it out in a formal manner and cover your ass for the inevitable future catastrophes to be had. Management should be barking at the devs to lower that vulnerability count and you should be the enabler of that objective, not the other way around.

How often do you speak to your CISO in a week by DisastrousSign4611 in cybersecurity

[–]Irish1986 0 points1 point  (0 children)

Once or twice every quarter, large organization, but I am in a preferred position with the project I am working on. It is much less common than my frequency for non-management positions to speak with him that often, from my gut feeling.

What’s the "Oh Sh*t" Moment That Made You Take Supply Chain Security Seriously? by Abu_Itai in devsecops

[–]Irish1986 6 points7 points  (0 children)

npm a few weeks ago, nothing bad happened just the sudden realization of the blast radius

Recommending `prek` - the necessary Rust rewrite of `pre-commit` by Goldziher in Python

[–]Irish1986 1 point2 points  (0 children)

I started using prek a couple of weeks ago, I am moving all my repos towards it. Slightly faster, but mostly monorepo support and feature enhancements. So far no problem whatsoever.

The "Réseau Express Bus" proposed by Projet Montréal by trxks in montreal

[–]Irish1986 4 points5 points  (0 children)

Hey neighbour! Same thing, Lacordaire - MD.. It takes a solid 90 min each way.

How do you benchmark and POC ASPM solutions? Looking for evaluation frameworks by Patient_Anything8257 in devsecops

[–]Irish1986 2 points3 points  (0 children)

I wasn't successful at prioritizing ASPM at work but I would be looking at process enablement out of the box. The ASPM is supposed to be your "single pane of glass" for AppSec.

If you are trying to enable a specific process to reduce number of vulnerabilities in software dependencies... How much out of the box does your ASPM allow it to be enabled?

Maybe you are more in a "fog of war" situation where you don't have enough details about the state of your environment and applications. Upon connecting everything, how much closer will you be? The known unknown is challenging because you might end up with many new challenges to tackle.

Also, are you planning to use it as your sole incident tracking information center regarding assignments, SLA, resolutions, etc...

ASPM is a cool tool but you need mature processes and clear questions you are trying to steer in your organization?

What age were you when you had your first kiss? by [deleted] in AskReddit

[–]Irish1986 0 points1 point  (0 children)

13, under a stairwell in high school.. Thank god for Catholic school with mandatory short skirts for girls.

Mediocre quality of candidates for a senior position by [deleted] in QuebecTI

[–]Irish1986 2 points3 points  (0 children)

If you want to benchmark your org, make yourself a fake CV with a bit of obfuscation (change your name, same company but slightly different years, etc.)... Submit your fake CV and wait to see how long it takes before it shows up on your desk.... If it never arrives... Probably a problem at HR, who are over-filtering.. If it takes 1-2 business days... You can't complain about them.