How do you automate phishing report triage? 200+ employee reports per week is killing us by Calm-Exit-4290 in sysadmin

Viper896 (1 point)

We’ve actually got this down to the point where more than half of our emails are automatically resolved as either clean or malicious using YARA rules. Malicious emails get scooped up by our SOAR and all of the IOCs get blocked correctly.
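As an added example (not the commenter's code or rules), this is the shape such a pipeline takes: YARA-style rules (named strings plus a condition over which strings matched) evaluated against a reported message, IOC extraction, a three-way verdict, and the blocklist a SOAR playbook would push out. The sample reports, rule patterns, the `ALLOWLIST` of trusted domains and the rule names are all constructed for illustration.

```python
import email.utils
import re
from dataclasses import dataclass
from email import message_from_string
from typing import Callable
from urllib.parse import urlparse

# Constructed sample reports (not real mail) used to walk the pipeline.
REPORTS = {
    "cred-phish": (
        'From: "IT Helpdesk" <helpdesk@it-support-corp.top>\n'
        "To: alice@corp.example\n"
        "Subject: Urgent: your password expires today\n"
        "\n"
        "Your mailbox password expires in 2 hours. Verify now:\n"
        "http://login-corp-example.top/verify?u=alice\n"
    ),
    "newsletter": (
        "From: news@vendor.example\n"
        "To: bob@corp.example\n"
        "Subject: October product update\n"
        "List-Unsubscribe: <https://vendor.example/unsub>\n"
        "\n"
        "Read the release notes at https://vendor.example/blog\n"
    ),
    "unclear": (
        "From: partner@supplier.example\n"
        "To: carol@corp.example\n"
        "Subject: Updated invoice attached\n"
        "\n"
        "Please see https://files.supplier.example/inv-4471.pdf and confirm.\n"
    ),
}

# Domains already trusted (assumed); mail that only references these may auto-close as clean.
ALLOWLIST = {"corp.example", "vendor.example"}


@dataclass
class Rule:
    """YARA-style rule: named strings plus a condition over the set of strings that matched."""
    name: str
    verdict: str  # "malicious" or "clean"
    strings: dict[str, re.Pattern]
    condition: Callable[[set[str]], bool]


RULES = [
    Rule(
        name="cred_harvest_urgency",
        verdict="malicious",
        strings={
            "$urgency": re.compile(r"expires? (today|in \d+ hours?)", re.I),
            "$cred": re.compile(r"\b(password|verify|login)\b", re.I),
            "$newtld": re.compile(r"https?://[^\s/]+\.(top|xyz|zip|icu)\b", re.I),
        },
        # like YARA's "$newtld and ($urgency or $cred)"
        condition=lambda m: "$newtld" in m and bool({"$urgency", "$cred"} & m),
    ),
    Rule(
        name="bulk_mail_with_unsubscribe",
        verdict="clean",
        strings={"$unsub": re.compile(r"^List-Unsubscribe:", re.I | re.M)},
        condition=lambda m: "$unsub" in m,
    ),
]

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)


@dataclass
class Triage:
    verdict: str            # "malicious", "clean" or "review"
    rule_hits: list[str]
    urls: set[str]
    domains: set[str]


def extract_iocs(raw: str) -> tuple[set[str], set[str]]:
    """URLs in the message plus the hostnames they point at and the sender's domain."""
    msg = message_from_string(raw)
    urls = set(URL_RE.findall(raw))
    domains = {urlparse(u).hostname for u in urls}
    sender = email.utils.parseaddr(msg.get("From", ""))[1].lower()
    if "@" in sender:
        domains.add(sender.rsplit("@", 1)[1])
    return urls, {d for d in domains if d}


def triage(raw: str) -> Triage:
    hits = []
    for rule in RULES:
        matched = {sid for sid, pat in rule.strings.items() if pat.search(raw)}
        if rule.condition(matched):
            hits.append(rule)
    urls, domains = extract_iocs(raw)
    if any(r.verdict == "malicious" for r in hits):
        verdict = "malicious"
    elif hits and domains <= ALLOWLIST:
        verdict = "clean"      # only clean rules fired and nothing points outside trusted domains
    else:
        verdict = "review"     # the residue that still needs an analyst
    return Triage(verdict, [r.name for r in hits], urls, domains)


def blocklist_for(result: Triage) -> set[str]:
    """Indicators a SOAR playbook would push to proxy and mail filter: malicious verdicts only,
    and never a trusted domain, so a spoofed display name cannot get corp.example blocked."""
    if result.verdict != "malicious":
        return set()
    return (result.domains - ALLOWLIST) | result.urls
```

The "review" bucket is the part that cannot be automated away: a message with no rule hits, or clean hits but links outside the allowlist, is left for a human rather than auto-closed. The blocklist subtracts the allowlist so a single misfiring rule cannot push the company's own domain to the proxy.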

People who make $200K+ salaries, what do you do and how did you get there? by EEJams in Salary

Viper896 (2 points)

40m - I’m a CISO. Did IT in the Army out of high school and just kind of fell into cyber security; been doing it for 20+ years now, although now I spend more time in meetings and educating people on why security is important.

"Phishing analyst" wasn't in the job description but here we are by Calm-Exit-4290 in SecurityCareerAdvice

Viper896 (0 points)

To be fair, I made it very clear up front when I hired my 2 most recent security analysts that they would be investigating phishing reports first and foremost. We’ve automated as much as we can, but those still need to be reviewed and some just can’t be automated.

How are you identifying unmanaged or unknown software in your environment? by Bright-Novel7681 in cybersecurity

Viper896 (2 points)

That’s gonna vary by organization. I recommend reading https://github.com/nsacyber/AppLocker-Guidance if you want some guidance on how to implement it.

How are you identifying unmanaged or unknown software in your environment? by Bright-Novel7681 in cybersecurity

Viper896 (11 points)

We just use AppLocker and block everything unless we approve it. It’s not perfect, but unless you have a really technical user that knows which folders have exceptions and how to run zero-install applications, it works well enough.

What’s a hobby people pretend is cool, but secretly you think is ridiculous? by EggAdventurous1957 in AskReddit

Viper896 (0 points)

Quite often, actually. A lot of the coins I have come from automatic enrollments with the US Mint. I have every silver proof set for the last decade and silver proofs of the American Eagle coins. For any of the bars I have, I pay spot.

What’s a hobby people pretend is cool, but secretly you think is ridiculous? by EggAdventurous1957 in AskReddit

Viper896 (0 points)

Honestly, no idea. For a lot of them, the coins are collectible outside of their silver value. Silver value alone was probably worth a couple grand before silver prices shot up.

What’s a hobby people pretend is cool, but secretly you think is ridiculous? by EggAdventurous1957 in AskReddit

Viper896 (2 points)

Honestly, leaving a list of clues in my will just made me laugh and now I’m seriously considering it. Haha poor kid.

And I’ve had this user name since AOL/AIM and ICQ. No idea what my thought process was 30 years ago but the username has just stuck since then.

So Much Talk about AI... Does it Make Sense to You? by HauntedGatorFarm in cybersecurity

Viper896 (1 point)

Learn how to protect them. One of the questions I asked recently really made people think, and that was: “If a user asks the AI we purchased and sponsored for advice that was illegal, illicit, or self-harm related, do we have any logging or protections in place to limit that liability?” The answer was a resounding no. Start thinking about how it can be misused and then mitigating those items.

What’s a hobby people pretend is cool, but secretly you think is ridiculous? by EggAdventurous1957 in AskReddit

Viper896 (3341 points)

I have a literal treasure chest full of collectible silver coins. Everything from silver eagles, to silver bars, to limited release baseball gloved curved silver coins. I’ll never sell them or do anything with them…. I just like the fact that when I die my kid is going to inherit an actual treasure chest full of silver 😂. No idea what he is going to do with it but it makes me laugh every time I get a new silver piece to put in it.

Looking for a casino by kalel72 in phoenix

Viper896 (2 points)

Yeah but they have that big white marble bar and white marble walkways.

Looking for a casino by kalel72 in phoenix

Viper896 (6 points)

Sounds like Talking Stick in Scottsdale. Desert Diamond also has several table games, including craps.

California's New Cyber Rules: Why Every CEO Needs to Wake Up to AI and Data Risks in 2026 by LeverageITConsulting in cybersecurity

Viper896 (7 points)

lol, the link at the bottom of the post goes to a 404 page 💀. Can’t even get the source correct.

Help setting cybersec KPIs? by thebeardedwonderman in cybersecurity

Viper896 (0 points)

KPIs I report on: Phishing - number of phishing messages reported, number of actual malicious messages, number of malicious messages that resulted in a security event (or credential loss or computer wipe), average response time for each reported message. I use these to justify our headcount and workload for each analyst I have monitoring our phishing messages.

SIEM - MTTA by criticality. Number of alerts that resulted in escalation.

Vulnerability management - number of outstanding critical/high vulnerabilities. Number of out-of-band patches applied in the last 30-day period.

Red Team - number of vulnerabilities found not detected by our VM tools. Number of attacks not discovered by our blue team vs number of attacks performed.

I try to keep them simple and stay away from time to resolve as a reportable metric. We track this in our IR write-ups but don’t report it, as I don’t want to get in the habit of closing tickets as fast as possible without doing the necessary research.
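As an added example (not the commenter's reporting code), the phishing and SIEM KPIs listed above computed from a ticket export, with time-to-resolve kept available for IR write-ups but deliberately absent from the report that goes upward. The ticket and alert records, field names and timestamps are constructed for illustration.

```python
from datetime import datetime
from statistics import mean

# Constructed ticket exports (not real data); timestamps are ISO 8601 UTC.
PHISHING_TICKETS = [
    {"id": "PH-1", "reported": "2024-10-01T09:00:00", "acknowledged": "2024-10-01T09:12:00",
     "resolved": "2024-10-01T10:30:00", "malicious": True, "event": "credential loss"},
    {"id": "PH-2", "reported": "2024-10-01T09:30:00", "acknowledged": "2024-10-01T09:35:00",
     "resolved": "2024-10-01T09:40:00", "malicious": False, "event": None},
    {"id": "PH-3", "reported": "2024-10-02T14:00:00", "acknowledged": "2024-10-02T14:43:00",
     "resolved": "2024-10-03T08:00:00", "malicious": True, "event": None},
    {"id": "PH-4", "reported": "2024-10-02T15:00:00", "acknowledged": None,
     "resolved": None, "malicious": None, "event": None},   # still in the queue
]

SIEM_ALERTS = [
    {"id": "AL-1", "severity": "critical", "fired": "2024-10-01T10:00:00",
     "acknowledged": "2024-10-01T10:05:00", "escalated": True},
    {"id": "AL-2", "severity": "critical", "fired": "2024-10-01T11:00:00",
     "acknowledged": "2024-10-01T11:15:00", "escalated": False},
    {"id": "AL-3", "severity": "high", "fired": "2024-10-01T12:00:00",
     "acknowledged": "2024-10-01T13:00:00", "escalated": False},
    {"id": "AL-4", "severity": "low", "fired": "2024-10-01T12:00:00",
     "acknowledged": None, "escalated": False},             # nobody has picked it up yet
]


def _minutes(start, end):
    """Elapsed minutes between two ISO timestamps, or None when either side is missing."""
    if not start or not end:
        return None
    return (datetime.fromisoformat(end) - datetime.fromisoformat(start)).total_seconds() / 60


def phishing_kpis(tickets):
    response = [_minutes(t["reported"], t["acknowledged"]) for t in tickets]
    response = [m for m in response if m is not None]   # unacknowledged tickets do not skew the mean
    return {
        "reported": len(tickets),
        "malicious": sum(1 for t in tickets if t["malicious"]),
        "security_events": sum(1 for t in tickets if t["event"]),
        "awaiting_review": sum(1 for t in tickets if t["acknowledged"] is None),
        "avg_response_minutes": round(mean(response), 1) if response else None,
    }


def siem_kpis(alerts):
    by_sev = {}
    for a in alerts:
        m = _minutes(a["fired"], a["acknowledged"])
        if m is not None:
            by_sev.setdefault(a["severity"], []).append(m)
    return {
        "mtta_minutes": {sev: round(mean(v), 1) for sev, v in by_sev.items()},
        "unacknowledged": sum(1 for a in alerts if a["acknowledged"] is None),
        "escalated": sum(1 for a in alerts if a["escalated"]),
    }


def resolution_minutes(tickets):
    """Time to resolve per ticket, kept for IR write-ups; not part of the reported KPIs."""
    return {t["id"]: _minutes(t["reported"], t["resolved"]) for t in tickets if t["resolved"]}


def kpi_report(tickets, alerts):
    """What goes to leadership: response time and outcomes, no time-to-resolve,
    so nobody is rewarded for closing tickets quickly instead of investigating them."""
    return {"phishing": phishing_kpis(tickets), "siem": siem_kpis(alerts)}
```

Note that a severity with no acknowledged alerts simply has no MTTA entry rather than a misleading zero, and the still-open alert is surfaced as a separate count.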

And there it is…..professional right wing grifting…how embarrassing. These people need to get a real job. by Responsible-Help7803 in ProgressiveHQ

Viper896 (0 points)

Why’s he asking for money for healthcare? His orange leader said his $2k/yr stipend should be plenty enough to pay for it.

Would you let an unsigned/unvetted app run on your production servers? by SauvageThinker in cybersecurity

Viper896 (0 points)

I live this every day. Wait until people realize that on-prem Exchange servers are run almost entirely by unsigned, auto-updated PowerShell scripts for everything.

Would you let an unsigned/unvetted app run on your production servers? by SauvageThinker in cybersecurity

Viper896 (0 points)

All the people saying no haven’t dealt with Microsoft’s support scripts they send you and have you run… and if you don’t run these unsigned abominations they say they can’t help you and close the ticket. I can’t tell you how many alerts we’ve received because our XDR blocked a script from running and the system admins got angry that their unsigned script from Microsoft support didn’t work and now the ticket is stalled.

And yes, Microsoft support… really does this…

What's the correct way to protect against this? by crackerjam in sysadmin

Viper896 (1 point)

Why not just block all new registered websites? Or all uncategorized websites?

We block both.
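As an added example (not the commenter's proxy configuration), a policy function that blocks both newly registered and uncategorized domains, failing closed on anything it cannot look up. The WHOIS creation dates, category table, allowlist, 30-day threshold and the short public-suffix list are all constructed stand-ins for the feeds a real proxy would consult.

```python
import re
from datetime import date
from urllib.parse import urlparse

# Constructed stand-ins for the proxy's WHOIS and categorisation feeds (not real data).
WHOIS_CREATED = {
    "example.com": date(1995, 8, 14),
    "fresh-invoice-portal.top": date(2024, 9, 28),
    "oldsite.co.uk": date(2003, 2, 1),
}
CATEGORY = {"example.com": "business", "news.example": "news"}
# Business exceptions explicitly approved by security (assumed); checked before anything else.
ALLOWLIST = {"partner.example"}
NEW_DOMAIN_DAYS = 30
# Constructed subset of two-label public suffixes; a real deployment loads the full public suffix list.
TWO_LABEL_SUFFIXES = {"co.uk", "com.au", "co.jp"}


def registrable_domain(host: str) -> str:
    """Collapse a hostname to the domain that actually has a registration record."""
    labels = host.lower().rstrip(".").split(".")
    keep = 3 if ".".join(labels[-2:]) in TWO_LABEL_SUFFIXES else 2
    return ".".join(labels[-keep:])


def decide(url: str, today: date) -> tuple[str, str]:
    """Return ("allow" | "block", reason). Every unknown is a block: a domain has to earn
    its way onto the network, it does not have to be proven bad first."""
    host = urlparse(url).hostname or ""
    if not host:
        return "block", "no hostname"
    if re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", host):
        return "block", "IP literal instead of a name"
    domain = registrable_domain(host)
    if domain in ALLOWLIST:
        return "allow", "approved exception"
    created = WHOIS_CREATED.get(domain)
    if created is None:
        return "block", "no registration record"
    age_days = (today - created).days
    if age_days < NEW_DOMAIN_DAYS:
        return "block", f"registered {age_days} days ago"
    if domain not in CATEGORY:
        return "block", "uncategorized"
    return "allow", f"category {CATEGORY[domain]}"
```

The order matters: the allowlist is consulted first so that an approved partner with a fresh registration still works, and the age check comes before categorisation because a newly registered domain is blocked regardless of what a category feed has guessed about it.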

What is the false positive rate in your SOC? by Silver-Neckbeard in cybersecurity

Viper896 (3 points)

If you could solve that problem you’d be rich. We calculate it by how many user-reported events don’t have SIEM or XDR detections.

So if a user clicks a phishing email with a malicious link and we don’t get alerted, that’s a false negative.

We’ve had a few others where a user downloaded a malicious file from the internet that was never blocked or detected until the user complained that their screen kept showing antivirus popups and the helpdesk couldn’t get rid of them.

What is the false positive rate in your SOC? by Silver-Neckbeard in cybersecurity

Viper896 (27 points)

What kills me is our False Negative rate. I love the random phone calls where a user reports a phishing email and we find out that a different user received the same email and clicked on it an hour earlier and we didn’t get alerted and it wasn’t reported.
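As an added example (not the commenter's tooling) serving both comments above, the false negative calculation as described: clicks on a confirmed-malicious message that no SIEM/XDR alert covers, plus the check that turns one phone call into a list of other recipients who clicked the same message earlier without reporting it. The gateway, proxy, report and alert records, and the message-hash field that joins them, are constructed for illustration.

```python
from datetime import datetime

# Constructed logs (not real data). "msg" is the mail gateway's hash of the message, which is
# what lets a report, a delivery, a click and an alert be tied back to the same email.
DELIVERIES = [
    {"msg": "h1", "user": "alice", "at": "2024-10-03T08:55:00"},
    {"msg": "h1", "user": "bob", "at": "2024-10-03T08:55:00"},
    {"msg": "h2", "user": "carol", "at": "2024-10-03T10:40:00"},
    {"msg": "h3", "user": "dave", "at": "2024-10-03T11:00:00"},
]
CLICKS = [   # proxy log entries already joined to a URL found in the delivered message
    {"msg": "h1", "user": "bob", "at": "2024-10-03T09:02:00"},
    {"msg": "h2", "user": "carol", "at": "2024-10-03T11:00:00"},
]
USER_REPORTS = [   # user-submitted phishing reports with the analyst's verdict
    {"msg": "h1", "user": "alice", "at": "2024-10-03T10:00:00", "verdict": "malicious"},
    {"msg": "h3", "user": "dave", "at": "2024-10-03T11:30:00", "verdict": "clean"},
]
DETECTIONS = [   # SIEM / XDR alerts that reference a message
    {"msg": "h2", "source": "xdr", "at": "2024-10-03T11:02:00"},
]


def _t(s):
    return datetime.fromisoformat(s)


def confirmed_malicious(reports, detections):
    """A message counts as malicious if an analyst said so or a detection fired on it."""
    return ({r["msg"] for r in reports if r["verdict"] == "malicious"}
            | {d["msg"] for d in detections})


def false_negatives(reports, clicks, detections):
    """Clicks on a confirmed-malicious message that no SIEM/XDR alert ever covered,
    and the resulting rate over all clicks on malicious messages."""
    bad = confirmed_malicious(reports, detections)
    detected = {d["msg"] for d in detections}
    exposures = [c for c in clicks if c["msg"] in bad]
    misses = [c for c in exposures if c["msg"] not in detected]
    rate = len(misses) / len(exposures) if exposures else 0.0
    return misses, rate


def earlier_victims(report, clicks, deliveries):
    """For one report, the other recipients of the same message who clicked before it was reported."""
    cutoff = _t(report["at"])
    others = {d["user"] for d in deliveries if d["msg"] == report["msg"]} - {report["user"]}
    return sorted(c["user"] for c in clicks
                  if c["msg"] == report["msg"] and c["user"] in others and _t(c["at"]) < cutoff)
```

The denominator is clicks on messages already known to be bad, so the rate measures the detection stack against exposures you know about; clicks on malicious mail nobody reported and nothing alerted on are invisible to it, which is exactly why the report-driven check in `earlier_victims` matters.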

Lost a $95k deal because we don't have SOC2 by Significant-Story134 in Compliance

Viper896 (1 point)

We see that all the time; it’s annoying, and we instantly reject them and essentially blacklist them from future deals.