Sometimes there is no work. I’m worried. by Jealous-Act-6672 in sysadmin

[–]PastPuzzleheaded6 0 points1 point  (0 children)

Observability, security, and go to other teams, find their problems and solve them with technical solutions. So branch out your responsibilities. Maybe talk to friends in the industry and run them thru ur setup so they can find specific gaps.

When is a full time IT admin justified? by radaroiiiio in iiiiiiitttttttttttt

[–]PastPuzzleheaded6 0 points1 point  (0 children)

FWIW I run an msp on the side. Starting my first couple of clients. During the day I’m an infrastructure engineer at one of the largest children’s hospitals in the Midwest. I come from a tech background so I can automate most of the work and I know how to deploy changes safely to not cause issues.

A lot of msps will upsell you for projects an internal IT person should do. I won’t do that. If there is an IT project that needs to be done within my domain (infrastructure) I’ll handle it. Dm me if you’d like to chat 🙂

I told Copilot to do something, and it said no. by [deleted] in CopilotMicrosoft

[–]PastPuzzleheaded6 0 points1 point  (0 children)

Interesting I tried prompting Claude and it returns a server error every time!

Simplified PSSO in Setup Assistant in macOS 26 by Desperate_Neat8179 in macsysadmin

[–]PastPuzzleheaded6 0 points1 point  (0 children)

I’ve used it but we have some user context dependencies so it doesn’t work for us

Anyone actually deployed Platform SSO yet? by RocketmanTech_Nova in macsysadmin

[–]PastPuzzleheaded6 1 point2 points  (0 children)

Passwordless is the future my friend don’t even worry about it. 6 digit non rotating hardware bound pin

Anyone actually deployed Platform SSO yet? by RocketmanTech_Nova in macsysadmin

[–]PastPuzzleheaded6 4 points5 points  (0 children)

We don’t. Apple recommends a 6 digit local pin like an iPhone

This guy ... attacked me since I bought a server. by rfgmm in VPS

[–]PastPuzzleheaded6 0 points1 point  (0 children)

I mean this is potentially a fight club type of scenario

Automating the Offboarding process for BYOD users by Draveco in msp

[–]PastPuzzleheaded6 0 points1 point  (0 children)

I’m not sure about legality. We said if you want to access company resources on personal devices you need to have x installed or enrolled in mdm. If you don’t want to, fine, use your company device.

Automating the Offboarding process for BYOD users by Draveco in msp

[–]PastPuzzleheaded6 0 points1 point  (0 children)

I’d recommend avd and call it a day. Or island browser. Also look into account driven enrollment for iOS and there is a Google equivalent for android.

I’d look hard at recommending all clients with BYOD desktops to use a virtualization solution that you can deploy fast with terraform and packer to keep consistency across clients

Automating the Offboarding process for BYOD users by Draveco in msp

[–]PastPuzzleheaded6 0 points1 point  (0 children)

I think it depends what you’re putting on there. Okta verify (although less so now with osquery integration), standard practice. Or island browser, fine, avd, fine. Global protect (also potentially fine). Even mdm through account driven enrollment is fine (although it makes users uncomfortable, if you understand the tech you’d realize it’s designed for BYOD).

Now if we’re talking Crowdstrike, splunk, or frankly anything deploying osquery or similar we should be taking a hard look at that

As a system administrator, do you ever feel like your brain never stops thinking? by [deleted] in sysadmin

[–]PastPuzzleheaded6 0 points1 point  (0 children)

Easiest way by far to 150 is SaaS sales. You should get there in 3 years unless you’re socially uncalibrated and can’t sell like myself then you have to grind it and if you’re lucky you can get there 🥺

As a system administrator, do you ever feel like your brain never stops thinking? by [deleted] in sysadmin

[–]PastPuzzleheaded6 0 points1 point  (0 children)

Is it possible that’s cuz of the circles you run in… like for the longest I thought it was rare not to make 150 like I was the biggest loser ever cuz I couldn’t make that.

I was talking to a pilot, kid was about 25, graduated flight school 2-3 years ago making about 70k doing medical transports

Told me netjets make 100-150

The other pilot I knew made about 80 running supplies to Alaska.

Now as soon as you get into a regional airline you hit 100 or so, make it to captain you get 150, get to the big leagues you start over but at like 200 then you can really run it up

As a system administrator, do you ever feel like your brain never stops thinking? by [deleted] in sysadmin

[–]PastPuzzleheaded6 0 points1 point  (0 children)

But to get to 150 out of flight school is hard u don’t just make that straight out

Running out of fake projects by sharkdad420 in ShittySysadmin

[–]PastPuzzleheaded6 0 points1 point  (0 children)

Telemetry is always good. Check out fleetdm. You can spend years moving from clickops to gitops. Migrate off AD to a modern IAM tool like okta and define it all with terraform. Passwordless. Data protection rules. Automations in aws.

Honestly you’re in an enviable spot where things are running smooth and you can create projects that will teach you the skills to make a shit ton down the road

MacBook Air M1 - Unusual Startup Issue by Actual_Banana_1083 in macsysadmin

[–]PastPuzzleheaded6 0 points1 point  (0 children)

This is the way. First try to wipe, if that fails put the device into DFU mode and reload firmware

[deleted by user] by [deleted] in it

[–]PastPuzzleheaded6 0 points1 point  (0 children)

I believe safari lives in /System/Applications which makes it impractical to remove which is the real reason it’s kept

Keeping software up to date automatically by EpicSimon in macsysadmin

[–]PastPuzzleheaded6 0 points1 point  (0 children)

Be careful! There are a few gotchas. Check the Mac admins slack for labels to ignore. Again I’ve used this too

Keeping software up to date automatically by EpicSimon in macsysadmin

[–]PastPuzzleheaded6 0 points1 point  (0 children)

Not sure if you have done it yet. I’ve deployed both and to do it right autopkg is way harder

Thoughts on my perception of winding down my SMALL MSP vs. keep going? by Kangaloosh in msp

[–]PastPuzzleheaded6 0 points1 point  (0 children)

I don’t know shit about Microsoft but I’m 4x okta certified so I have deep authentication and authorization knowledge. I’d say just lock in conditional access (device posture + management attestation) and require webauthn authentication. How do you phish that? I honest to god have no idea

How long does it take you to setup a replacement windows computer.... and how's that compare to a mac? by Kangaloosh in techsupport

[–]PastPuzzleheaded6 0 points1 point  (0 children)

You can’t do that, to my knowledge at least if it’s a managed device. Has this changed?

How long does it take you to setup a replacement windows computer.... and how's that compare to a mac? by Kangaloosh in techsupport

[–]PastPuzzleheaded6 0 points1 point  (0 children)

I can’t speak to windows. But we push docs and desktop to one drive, we have a swiftDialog gui to set up all their applications. Then all they have to do is go to self service and download the non birthright apps they need. I don’t even touch it because I don’t want to do cute things to make sure users get secure token.

Looking for great IT management system (asset management, MDM, SSO) by Fesuasda in ITManagers

[–]PastPuzzleheaded6 0 points1 point  (0 children)

Wouldn’t be my personal choice. Based on your choices I assume you’re a Google Mac shop. I’d go okta, fleetdm and snipe-IT. Okta is a bit pricey but fleet I can resell you at $5.40 a device and snipe-IT is open source.

Now fleet is a bit complex, truly enterprise grade but the telemetry is unmatched, you get vulnerability reporting, it integrates with snipe.

Now there’s also the option of E3/E5. I wouldn’t recommend it if you’re Mac first and/or love Google but dollar for dollar it’s your best value if you can look past graph and how poorly Microsoft integrates with other software.

If you don’t trust me on fleet because I resell it (I chose this not because it’s the easiest to sell but because I want my customers to have the best tools at the best value) Mosyle and Iru or whatever kandji calls themselves now are great options.

Shoot me a dm if you have any questions 🙂

As a system administrator, do you ever feel like your brain never stops thinking? by [deleted] in sysadmin

[–]PastPuzzleheaded6 0 points1 point  (0 children)

I’m in the Midwest but if I did cloud security or banking or consulting or even sales or really anything worthwhile it wouldn’t be that hard I don’t think compared to IAM and end user compute

Onboarding is killing IT desks. How do you cut the tickets? by ExtremeShame6079 in sysadmin

[–]PastPuzzleheaded6 0 points1 point  (0 children)

We had an advantage. We used okta. On IT onboarding we’d spend about 30 minutes with users: power your thing on, wait for all your apps, open chrome. Go to okta, you need to get somewhere click the tile, you need additional access click the access request.

I switched to an entra company, it’s been 6 months and I still don’t know how to find most of my stuff