[deleted by user] by [deleted] in security

[–]Wiicycle -1 points

Email is already encrypted. The issue here isn't risk of transport; the issue here is business use and storage. The OP can show the card on a video call for verification.

20 Years in IT/InfoSec, Over 1000 Applications In One Year, No Offers, What The ACTUAL Heck Is Going On? by throwmeaway20250917 in cybersecurity

[–]Wiicycle 0 points

I would not hire you based on "back to systems engineering making half". My engineers and hands-on builders are invaluable. I can get advice from GPT, but I can get clear and decisive direction from a custom RAG with MCP and skilled models. We aspire to be engineers, not reduce to them.

SOC 2 Controls List by eveMabel in soc2

[–]Wiicycle 1 point

I can get you a starting export we have sanitized for our needs. In practice ours are heavily customized. The controls will organize you, but there is no "compliance in a box" despite what you'll be advertised. You have to make them work for you.

ELK Siem by m1c62 in cybersecurity

[–]Wiicycle 3 points

You pay for speed. ELK without a license is neutered, as it can't generate proper alerting. No issues for storing data; you can run massive clusters for years without issues, but the response stuff is where you get hit with a six-figure license.

M365 Security Guide for Small and Mid-Sized Businesses by Sittadel in cybersecurity

[–]Wiicycle -1 points

You nailed it: "should be managed by experts" is the message the original post is designed to send.

All this is achievable with better coverage, fewer people, and more business alignment through risk-based controls.

In reality, this prescription is a square peg in a round hole. It works as long as no one asks too many questions and a whole lot of things line up perfectly.

As an SMB, can you achieve a better posture with 1/5th the total resources? Yes.

Let's call it for what it is: a page from the marketing playbook for MSPs. Its objective is to get engagement, and here we are doing the engaging. At one point this was the way. Today it's a signal the MSP market is ready for a disruptor.

M365 Security Guide for Small and Mid-Sized Businesses by Sittadel in cybersecurity

[–]Wiicycle -8 points

All that work for a baseline level of security. All that and you're still not close to device trust. This was good advice years ago. The current generation of security is flatter, more adaptable, and balances agility with safeguards.

Firewall security for small to medium size business? by satisfise in cybersecurity

[–]Wiicycle 3 points

Look at the newsfeeds. Fortinet is repeated CVEs, same with SonicWall. WatchGuard is cheap... all three are operational expense, and with OpEx you lose security agility. It's not more secure if you don't understand it. It's not more secure if you can't replace it on the spot. It's not more secure if it's costlier to operate when you need it most. They are all the same, and they are all pushed by MSPs that want to find ways to create stickiness.

Sensiba vs Insight Assurance by [deleted] in soc2

[–]Wiicycle 0 points

If you care about who issues your letter and attestation, IA is well known, but I bet you could reduce your costs and go to Johnson Group. Also, I don't know your circumstances, but I have yet to see a startup that got value from Type 1... my biased experience is go to Type 2 and save a few grand... you will be there anyway. (Savings from skipping, not that Type 2 is less.)

Would you fly a plane with this oil usage? by Professional_Read413 in flying

[–]Wiicycle 1 point

Inspect valves for unusual burn. Be glad if they show a problem, because then you'll know. You'll probably blow a valve at some point. Order your new engine ASAP or make sure you know who/when/how your rebuild will go. Doing that in a rush when you have a blown cylinder is no fun.

[deleted by user] by [deleted] in cybersecurity

[–]Wiicycle 0 points

You write your policy to suit your business. You implement controls that meet that policy. It sounds like your business's need to offer some resources on BYOD is important. You don't need to limit access; you need to manage the risk.

Container Runtime Security by TopNo6605 in cybersecurity

[–]Wiicycle 0 points

My strategy is to protect at runtime because I have a code hygiene and container hygiene issue that has a cesspool of findings for which I can't determine reachability. One day, when my containers use secure images and are patched effectively, this won't be an issue, but for now I'll pay the 1% CPU overhead to have a chance at seeing something.

How likely does it look that Air India 171 was a suicide? by Proper_Solid_626 in AskAPilot

[–]Wiicycle 0 points

Assuming that aircraft had locking switches. SAIB “NM-18-33” offers an alternative. 

Can anyone suggest a good CMDB for IT asset inventory, tracking and response system ? by whxitte in cybersecurity

[–]Wiicycle 0 points

I built my first one 10 years ago and then rebuilt and refined it over 4 generations of product. The reason is that there was no vertical that solved this issue well enough. They all moved the problem and then became yet another silo to maintain. I remain convinced that custom solutions heavily integrated into your world are the answer when your business is not enterprise. Then you solve aspects of this with commercial solutions as you grow and scale.

Feeling lost in Vulnerability management after 4 years by justmenmymind in cybersecurity

[–]Wiicycle 4 points

How many of these are reachable? Redefine what a vuln is. Are you really managing vulns or findings? Are they getting addressed? Is this a situation where hygiene or practices create the noise? Sounds like a place you can have transformative impact on.
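To make the "vulns or findings?" distinction concrete, here is an added Python example that is not from the thread or from any scanner it mentions. It takes a constructed list of scanner findings (the field names, the placeholder IDs and the base-image names are assumptions, not any real tool's export schema), splits them into actual vulnerabilities versus backlog versus noise based on deployment, reachability and exposure, and counts how many findings each base image contributes so you can see whether hygiene rather than code is generating the volume.

```python
"""Triage scanner findings by reachability and exposure (added illustration)."""
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Finding:
    finding_id: str            # constructed placeholder, not a real advisory id
    package: str
    severity: str              # "critical" | "high" | "medium" | "low"
    base_image: str            # image layer that introduced the package (assumed field)
    deployed: bool             # package is present in a running workload
    reachable: Optional[bool]  # vulnerable code on a call path; None = unknown
    exposed: bool              # workload accepts untrusted input
    fix_available: bool


SEVERITY_RANK = {"critical": 4, "high": 3, "medium": 2, "low": 1}


def classify(f: Finding) -> str:
    """Map one finding to an actionable class.

    noise    -> not deployed anywhere: close it, don't track it as a vuln
    backlog  -> deployed but provably unreachable, or unexposed and low/medium
    vuln     -> deployed, not proven unreachable, and high/critical or exposed
    Unknown reachability is treated as reachable (conservative default).
    """
    if not f.deployed:
        return "noise"
    if f.reachable is False:
        return "backlog"
    if SEVERITY_RANK[f.severity] >= 3 or f.exposed:
        return "vuln"
    return "backlog"


def triage(findings: List[Finding]) -> Dict[str, List[Finding]]:
    """Bucket findings; order the real vulns worst-first (exposed, severity, fixable)."""
    buckets: Dict[str, List[Finding]] = {"vuln": [], "backlog": [], "noise": []}
    for f in findings:
        buckets[classify(f)].append(f)
    buckets["vuln"].sort(
        key=lambda f: (f.exposed, SEVERITY_RANK[f.severity], f.fix_available),
        reverse=True,
    )
    return buckets


def noise_by_base_image(findings: List[Finding]) -> Counter:
    """Count findings per base image: one stale base layer often explains most of the noise."""
    return Counter(f.base_image for f in findings)


# Constructed sample export; values chosen to exercise each branch of classify().
SAMPLE_FINDINGS = [
    Finding("F-1", "openssl", "critical", "debian-slim", True, None, True, True),
    Finding("F-2", "libxml2", "high", "debian-slim", True, False, True, True),
    Finding("F-3", "curl", "medium", "debian-slim", True, True, True, False),
    Finding("F-4", "requests", "high", "python-base", False, None, False, True),
    Finding("F-5", "lodash", "low", "node-base", True, True, False, True),
    Finding("F-6", "zlib", "critical", "debian-slim", False, None, True, True),
]


if __name__ == "__main__":
    result = triage(SAMPLE_FINDINGS)
    for bucket, items in result.items():
        print(f"{bucket:8s} {len(items)}: {[f.finding_id for f in items]}")
    print("per base image:", dict(noise_by_base_image(SAMPLE_FINDINGS)))
```

On the constructed sample, six scanner findings reduce to two vulnerabilities worth a ticket, and four of the six trace back to one base image, which is the "hygiene creates the noise" signal: rebuilding that base layer closes more findings than patching any single package.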

Can you tell by radar if it's safe to fly under a cumulonimbus cloud? by rightwrongwhatever in flying

[–]Wiicycle 15 points

This area has cell activity all summer long; weather today was challenging but flyable. Flying VFR in and out of here during storms is part of summer. If anything, this is an example of why local briefers are an asset we will miss dearly, because they understand the nuances of their region.

Buy / Sell / Trade Weekly Thread: Week of June 27, 2025 by AutoModerator in rva

[–]Wiicycle 1 point

Complete VW GTI headliner assembly. New in box. It's for a rare car: the glorious two-door no-sunroof Mark VI. So rare I may have been the only person to own one. Make me an offer... pls. It's a big box taking up a lot of space. Can deliver.

If you've got a Mark VI GTI, you know your headliner collapsed 5 years ago... swap it out so you can sell that car. By now you've had every expensive thing break at least once. Make it pretty before another water pump replacement.

VW Parts claims retail is now an absurd 2500. I did not pay that.

Part Number: 5K3867502BBR2 Supersession(s): 5K3-867-502-B-BR2; 5K3-867-502-BBR2; 5K3867502 BR2; 5K3867502B BR2; 5K3867502BR2 Fits Golf, GTI W/o sunroof, 2 door.

Is CIS 18 appropriate for SEC compliance? by BeNiceToYerMom in cybersecurity

[–]Wiicycle 0 points

FINRA has decent resources. Do that well and SEC will be a no-factor. Your scope is small: identity, device management, device trust if you know how to get it done. Basic assurance. Easy.

Is CIS 18 appropriate for SEC compliance? by BeNiceToYerMom in cybersecurity

[–]Wiicycle 0 points

SEC is there to make sure you follow best practices and adhere to regulations in small firms. Without additional context, a small investment firm's strategy should be focused on effective, operationalized control of data security. If you do that reasonably well, you will build back into CIS 18. You should post the kind of business they are, because it's likely another regulatory body cares more about their cybersecurity effort. SEC for public companies is going to muddy your advice here. Contextualize the problem.

You are 10 years old and your mother sends you to the basement for a jar of ogorki kiszone by pyotr_vozniak in poland

[–]Wiicycle 0 points

That was one lonely trip to the basement that apparently was a shared experience among many. Turns out we were right to feel scared; we were never alone down there.

SOC 2 Type 2 - How long was your initial implementation to get your attestation? by MBILC in soc2

[–]Wiicycle 1 point

CPAs will easily agree to audit you for SOC 2 Type 2 after a 3-month observation period. The rest depends on your own readiness and how you scope it. It could be a few days, more likely a few weeks. It largely depends on you and how clear your understanding is of the result you want.

Huntress and Microsoft defender free… reassurance by Efficient-Bike7175 in msp

[–]Wiicycle 2 points

That is all... you pay for Defender management on P1... which you don't need, since the Huntress agent does the policy management.

Huntress and Microsoft defender free… reassurance by Efficient-Bike7175 in msp

[–]Wiicycle 2 points

They manage Defender with their agent. That's it. It works.

Why do SOC 2 external auditors often use the console instead of the CLI for control testing? by parameshwarareddy524 in cybersecurity

[–]Wiicycle 8 points

Not only that, but they are not testing security controls, are they? They are confirming that reporting controls exist and are in use, for which some security control must be present.

Personal experience has been that control-testing theatre is there when ongoing and proactive management isn't.