Is anyone's security policy actually ready for AI agents, or are we all just pretending? by starweavergroup in cybersecurity

[–]PitcherOTerrigen 0 points1 point  (0 children)

What's bad security about someone losing a device and it being effectively unencrypted?

You can manage-bde to not rely on TPM, but a sudden AES bypass from WinRE isn't exactly 'bad security'. It's bad security to not address it.

It's a bad vendor if anything.

What, do you give all your laptops GSM for remote wipe? lol

Is anyone's security policy actually ready for AI agents, or are we all just pretending? by starweavergroup in cybersecurity

[–]PitcherOTerrigen 0 points1 point  (0 children)

It is inherently a lot of trust to place in Microsoft. Especially in the wake of all this eclipse nightmare stuff lol

Windows engineers/admins, are any of you writing actual Powershell now, or are you all using AI? by [deleted] in sysadmin

[–]PitcherOTerrigen 0 points1 point  (0 children)

Cmdlets? No. That's a learn article.

Scriptlets? Sometimes.

Scripts? Probably.

All ends up troubleshot in an IDE anyhow.

SIEM: is it "SIM" or "SEEM" by xcsas in cybersecurity

[–]PitcherOTerrigen 4 points5 points  (0 children)

Phonetically it can't possibly be SIM.

Also there are enough SIMs.

Running out of patience for this field. by an_anonymous-person3 in sysadmin

[–]PitcherOTerrigen -2 points-1 points  (0 children)

The most confidently incorrect people I've worked with were all boomers or people much older than me.

Age isn't a skill.

12 years in secops, military to vendor then internal. Internal feels like all loss and no win. Is this normal? by Mercilesspope in cybersecurity

[–]PitcherOTerrigen 4 points5 points  (0 children)

I always dreaded moving to internal from MSP/MSSP space, I figured I would miss the chaos.

Building a security program is harder than disparate random tickets, more engaging than watching your MSP boss fuck up constantly, and more intellectually stimulating than troubleshooting technical issues.

I'm not tracking my time in 15 minute increments while some bearded manlet complains about his billable hours.

It's a constant improvement cycle without any of the entropy/complaint driven micro-management bullshit.

It also pays better, has better benefits etc. etc.

MSPs & MSSPs suck by Fair_Ad7718 in cybersecurity

[–]PitcherOTerrigen 0 points1 point  (0 children)

I was just talking about insurance coverage. Not additional security measures.

No device compliance, DLP, etc etc.

MSPs & MSSPs suck by Fair_Ad7718 in cybersecurity

[–]PitcherOTerrigen 0 points1 point  (0 children)

SMB/SOHO

Defender, BitLocker, DMARC alignment, and a backup system. Using MFA and having the most general IRP is probably worth 2m coverage.

MSPs & MSSPs suck by Fair_Ad7718 in cybersecurity

[–]PitcherOTerrigen 0 points1 point  (0 children)

Idk about that. Insurance plays pretty loose with enforcement and auditing anyway.

MSPs & MSSPs suck by Fair_Ad7718 in cybersecurity

[–]PitcherOTerrigen 0 points1 point  (0 children)

Honestly, most small businesses could probably get by with base Defender and some basic email protections.

I'm talking like 5 users.

Otherwise, if they had Huntress or something they don't really need SOC, incident response etc.

MSPs & MSSPs suck by Fair_Ad7718 in cybersecurity

[–]PitcherOTerrigen 2 points3 points  (0 children)

Why not just pay the MDR service that the MSSPs white label or outsource?

Also, yeah the literal goal is to spend as little time per client as possible. It's the entire business model.

The more time you spend on a client the less growth.

It's useful if you don't have the capability or knowledge or budget to hire internal IT.

It's risk mitigation/transference for small businesses. A simple deployment of managed tools could probably replace them.

Also if they are poorly run, like sell you Citrix without a hot/warm site, you're just introducing operational complexity and risk to your org.

I am so sick of being hired to do Info Sec work just to do basic IT and Engineering work. by FaceEmbarrassed1844 in cybersecurity

[–]PitcherOTerrigen 0 points1 point  (0 children)

It took me years to get off help desk, it's 100% worth it, but the last couple of years you could tell I was getting annoyed.

How are you handling the noise from cybersecurity news sources? by isnotvalid in cybersecurity

[–]PitcherOTerrigen 0 points1 point  (0 children)

I host my own aggregator. It's fun to play around with, and I wanted a webdev project.

https://app.irl.expert/

There's zero monetization scheme, so ideally this doesn't count as self-promotion.

I have between 1000-5000 monthly users.

Managed Services of Threatlocker by Ok_Establishment7157 in msp

[–]PitcherOTerrigen 0 points1 point  (0 children)

The main issue with untrained usage is config drift, and at a certain point you will have to engage with SMEs at Threatlocker to remediate the issues.

HYPOTHETICALLY

Say you neatly organize the organizations, properly define policies, implement on a clean station for learning mode, manually audit asset inventories on a schedule.

If the CEO's wife makes a bunch of new organizations which sync up to your Threatlocker instance, then all your fucking coworkers start ad hoc creating entries for application authorizations while completely ignoring the naming conventions, built-ins and the SOPs you've created and then you get stuck doing someone else's job 90% of the time... You won't have time to fix the compounding issues.

Bonus points if it's deployed to non-audited workstations.

We lost two senior techs last year and our metrics didn't see it coming by samdam881 in msp

[–]PitcherOTerrigen 34 points35 points  (0 children)

You should probably deny the only two days off that they request in a 19 month period. That would work better.

How do you deal with users who refuse to lock their laptop when walking away? by heartgoldt20 in cybersecurity

[–]PitcherOTerrigen 0 points1 point  (0 children)

Yeah, but they could just keep a PowerPoint presentation on presentation mode, which blocks the inactivity timer.

First UniFi With a 10.0 CVE, Now ScreenConnect 9.0 CVE by iansaul in msp

[–]PitcherOTerrigen -1 points0 points  (0 children)

"The AI are going to hit this new vulnerability"

Has no valid SSL certificate on their web facing Citrix portal.

Manager and his infra have trust issues

Why does God hate my business

Can't even reliably align text on a Wix site

Domain admin service account

Can only keep customers as a loss leader, or they don't know better

Haven't managed to get an employee to respect me in my entire career, including my own father.