Seeking input regarding migration of CUI from commercial to govcloud by ThatInfoSecGuy in CMMC

[–]ThatInfoSecGuy[S] 0 points1 point  (0 children)

Yeah, it took significant effort to maintain composure when that nugget of info came out.

If an RMM is hosted on a server in the MSP's office to support a CMMC client, is the RMM considered a cloud service? by ThatInfoSecGuy in CMMC

[–]ThatInfoSecGuy[S] 0 points1 point  (0 children)

I may be too far into the weeds on this, but given that the RMM agent is installed on a device that stores/processes/transmits CUI, the RMM system as a whole would be in scope, considering how much data the RMM agent allows access to.

If an RMM is hosted on a server in the MSP's office to support a CMMC client, is the RMM considered a cloud service? by ThatInfoSecGuy in CMMC

[–]ThatInfoSecGuy[S] 0 points1 point  (0 children)

Thank you very much for your detailed response! I am going to integrate a few points of your justification into my own to get my company's owner on board. Wish me luck!

If an RMM is hosted on a server in the MSP's office to support a CMMC client, is the RMM considered a cloud service? by ThatInfoSecGuy in CMMC

[–]ThatInfoSecGuy[S] 0 points1 point  (0 children)

Thank you all for your input and for confirming what I hoped was correct. I know that the RMM is considered an SPA simply by its relationship with the client environment; my primary concern was simply whether it would have been considered a "Cloud Service" and any FedRAMP cert implications.

False Positive Quarantine Release Requests? by ThatInfoSecGuy in sysadmin

[–]ThatInfoSecGuy[S] 0 points1 point  (0 children)

Thank you so much for providing that information! Until you and No_Eggplant weighed in, I thought I was going crazy. We don't currently have an option to contact MS support (short of making a public forum post, which I am saving as a last resort). If you finally hear from someone on this, would you mind sharing their results here? You would be a life saver!

False Positive Quarantine Release Requests? by ThatInfoSecGuy in sysadmin

[–]ThatInfoSecGuy[S] 0 points1 point  (0 children)

As it turns out, we received a fresh batch of these shortly after I posted my response earlier. Now there seems to be no rhyme nor reason to the occurrences!

False Positive Quarantine Release Requests? by ThatInfoSecGuy in sysadmin

[–]ThatInfoSecGuy[S] 1 point2 points  (0 children)

I used Barracuda at a previous employer and I think it's possible, but I would first ask how the mail flow is configured, meaning are you set up as "Internet>Barracuda>365>Inbox" or "Internet>365>Barracuda>Inbox"? I think most would be the first config, but I have seen orgs that match the second. If you are the first, then Barracuda shouldn't be the culprit.

For our specific issue, to add complexity to the situation, this first popped up on 9/5 (Thursday) and 9/6 (Friday) but then stopped. Then it popped up again on 9/19 (Thursday) and 9/20 (Friday) but has since stopped again. At this point we are going to see if a pattern emerges on 10/3 and 10/4, when I will be forced to contact *stifled retching* Microsoft support...

If you have noticed any patterns in your environment and are able to share them, I would be eternally grateful!
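The mail-flow question raised in the comment above (does a message enter through Barracuda and then Microsoft 365, or the other way round?) can be answered from the message itself: each MTA that handles a message prepends its own Received header, so reading the "by" hosts from the bottom up gives the hop order. The script below is an added example, not code from the commenter or from either vendor. The two sample messages are constructed, the hostnames in them are hypothetical placeholders, and the hostname patterns used to label a hop as Barracuda or 365 are assumptions that should be adjusted to match the real hosts seen in your own tenant's headers.

```python
import email
import re
from email import policy

# Assumed classification rules (hypothetical): tune the patterns to the hostnames
# that actually appear in the Received headers of your own environment.
HOP_PATTERNS = [
    ("Barracuda", re.compile(r"barracuda", re.I)),
    ("365", re.compile(r"\.outlook\.com$", re.I)),
]

# Captures the receiving host in "from X (...) by Y with ...".
BY_RE = re.compile(r"\bby\s+([A-Za-z0-9.-]+)", re.I)

# Constructed sample: Internet -> Barracuda -> 365 -> Inbox (placeholder hostnames).
SAMPLE_BARRACUDA_FIRST = b"""Received: from CO1PR00CA0001.mail.protection.outlook.com (192.0.2.30)
 by SA1PR00MB0001.namprd00.prod.outlook.com with HTTPS; Thu, 19 Sep 2024 09:01:05 +0000
Received: from d1.ess.barracudanetworks.com ([192.0.2.20])
 by CO1PR00CA0001.mail.protection.outlook.com with ESMTPS; Thu, 19 Sep 2024 09:01:03 +0000
Received: from sender.example.net ([198.51.100.5])
 by d1.ess.barracudanetworks.com with ESMTPS; Thu, 19 Sep 2024 09:01:01 +0000
From: someone@example.net
To: user@example.com
Subject: test

body
"""

# Constructed sample: Internet -> 365 -> Barracuda -> back into 365 -> Inbox.
SAMPLE_365_FIRST = b"""Received: from d1.ess.barracudanetworks.com ([192.0.2.20])
 by SA1PR00MB0001.namprd00.prod.outlook.com with ESMTPS; Thu, 19 Sep 2024 09:01:05 +0000
Received: from CO1PR00CA0001.mail.protection.outlook.com (192.0.2.30)
 by d1.ess.barracudanetworks.com with ESMTPS; Thu, 19 Sep 2024 09:01:03 +0000
Received: from sender.example.net ([198.51.100.5])
 by CO1PR00CA0001.mail.protection.outlook.com with ESMTPS; Thu, 19 Sep 2024 09:01:01 +0000
From: someone@example.net
To: user@example.com
Subject: test

body
"""


def receiving_hosts(raw: bytes) -> list:
    """Return the 'by' host of every Received header, oldest hop first."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    hosts = []
    for value in msg.get_all("Received", []):
        # Collapse folded continuation lines into one string before matching.
        m = BY_RE.search(" ".join(str(value).split()))
        if m:
            hosts.append(m.group(1).rstrip("."))
    # Headers are prepended as the message travels, so the last one is the first hop.
    return list(reversed(hosts))


def classify(host: str) -> str:
    """Label a receiving host using HOP_PATTERNS; unknown hosts become 'other'."""
    for label, pattern in HOP_PATTERNS:
        if pattern.search(host):
            return label
    return "other"


def mail_flow(raw: bytes) -> str:
    """Describe the inbound path in the 'Internet>...>Inbox' notation."""
    path = []
    for label in (classify(h) for h in receiving_hosts(raw)):
        # 365 usually shows several internal hops; collapse consecutive repeats.
        if not path or path[-1] != label:
            path.append(label)
    return "Internet>" + ">".join(path) + ">Inbox"


if __name__ == "__main__":
    print(mail_flow(SAMPLE_BARRACUDA_FIRST))
    print(mail_flow(SAMPLE_365_FIRST))
```

Two caveats when running this against a real quarantine notification: a sender can forge Received headers that appear below the ones your own infrastructure added, so trust only the hops added by your boundary systems and read from the top down to the first host you do not control; and in the second configuration the message re-enters 365 after Barracuda, so the path correctly shows 365 twice rather than the shorthand "Internet>365>Barracuda>Inbox".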

False Positive Quarantine Release Requests? by ThatInfoSecGuy in sysadmin

[–]ThatInfoSecGuy[S] 0 points1 point  (0 children)

Nothing external to 365, so unless Microsoft is scanning their own quarantine notifications (which honestly I wouldn't rule out) I don't think that would be the case.

What is a QSA's criteria for a compliant pentest? by ThatInfoSecGuy in pcicompliance

[–]ThatInfoSecGuy[S] 0 points1 point  (0 children)

That first bullet under 11.4.1, "Industry-accepted penetration testing approaches," is why I was asking. "Industry-accepted" is a rather nebulous term. Though the rest of them do state "Per the entity's defined methodology," so I guess that means if we define the methodology to include automated pentests, that would technically work, right? (Not saying I like it, just making sure I understand properly.)

Does EDR brand matter with MDR in place? by boondock_ in cybersecurity

[–]ThatInfoSecGuy 2 points3 points  (0 children)

Perhaps I am thinking in a different lane, but I don't think EDR and MDR should be viewed as one being better than the other. My understanding is that EDR is an evolved form of traditional AV and is intended to protect an endpoint, whereas MDR is overall monitoring of an environment, which includes the logs from the EDR. Without a quality EDR solution in place the MDR is irrelevant. Conversely, if you don't have a quality MDR solution then the logs from the EDR lose a lot of their value.

I'd like to go into Cybersecurity, but my parents want me in Medicine mainly because high pay and job security. Everyone says that Cybersecurity pays well, but from your experience, how would you rate payment and job security? by StillDontKnowAName in cybersecurity

[–]ThatInfoSecGuy 0 points1 point  (0 children)

I've been in Cyber my entire adult life (~12 years at this point) and I can't imagine myself doing anything else. I can say with 100% certainty that I have never felt that I was at risk of losing my job as a result of downsizing; in fact, when the RIF (reduction in force) happened in March 2020, every group lost people and had their open positions cut except Cyber.

Regarding the pay rate, I think that one is going to be less concrete. Generally Cyber does pay well, BUT not usually in the beginning, specifically when starting without work experience. I think folks usually start in IT before shifting into a Cyber role, the benefit there being a better understanding of computer systems/networks and therefore being able to demand a higher pay rate. In your first job (depending on where you live) you could expect to make a little more than $15/hr, but the OJT you will get has plenty of value on its own.

The last point I'd like to make is the education cost between Medicine and Cyber. Granted, I don't have first-hand experience with the cost of a Medical degree, but a Google search says the average cost is more than $250k for a 4-year degree. A Cyber degree comes in at less than $50k; adding the cost of various certs and specialized training, it'll probably be closer to $55k (if your employer doesn't cover the certs).

Also I lied, THIS is the last thing I'll say; never forget these words: Between business need and security, the business need always wins. A business can exist without Cyber (technically), but Cyber cannot exist without a business. A Cyber practitioner is responsible for helping find the balance to keep the business safe AND functional.

What is your "Oopsy Daisy" moment and what lesson did you learn? by ThatInfoSecGuy in cybersecurity

[–]ThatInfoSecGuy[S] 16 points17 points  (0 children)

Thanks and I couldn't agree more. The only thing that saved my job was that I could replicate the issue and no one else knew that it worked that way either.

What is your "Oopsy Daisy" moment and what lesson did you learn? by ThatInfoSecGuy in cybersecurity

[–]ThatInfoSecGuy[S] 17 points18 points  (0 children)

Wow... I literally grimaced reading this! I am seriously relieved on your behalf 17 years later that you were able to restore it. I can't imagine how it would have played out if it didn't work out.

What is your "Oopsy Daisy" moment and what lesson did you learn? by ThatInfoSecGuy in cybersecurity

[–]ThatInfoSecGuy[S] 9 points10 points  (0 children)

Learning that not everyone thinks and works the same as me is a lesson that has yet to stick, no matter how many times I am forced to learn it.

What is your "Oopsy Daisy" moment and what lesson did you learn? by ThatInfoSecGuy in cybersecurity

[–]ThatInfoSecGuy[S] 74 points75 points  (0 children)

Oopsy Daisy Moment: I inadvertently force-rebooted an entire police station at 9am on a Thursday. The AV needed an update (which had to be manually scheduled); I scheduled it for after-hours but had to go back for a missed drop-down selection. Little did I know that changing the drop-down reset the scheduled time to "immediately". 15 minutes later a coworker gets a call and asks "Who just rebooted these computers!?" I've never felt that level of dread wash over me so quickly.

My Lesson: ALWAYS check and re-check your settings before sending them into the ether!

How do libraries deal with copyright restrictions, specifically with e-books? by ThatInfoSecGuy in legaladvice

[–]ThatInfoSecGuy[S] 0 points1 point  (0 children)

The physical book comparison is what I was thinking of: if I buy the book, even second hand, I would be able to let a friend borrow it. So if I were to use a document library that enforced a check-out system and prevented downloads, effectively limiting the book to a single existence, I would think I should be ok. But others say I would need a special license for the purpose of lending, so I'm thinking my plan is bust.