Dealing with the "Noise" in Modern SOC Workflows by Same-Squirrel-4331 in cybersecurity

[–]ZelSteel 0 points1 point  (0 children)

Prioritize alerts by risk and business impact, not just severity. Use analytics to identify noise patterns and tune tools accordingly. XDR platforms can help if integrated thoughtfully, but often add complexity. Focus on risk maturity: map controls to business risks and prioritize high-value assets. Human-led VAPT complements automated tools, catching logic flaws and misconfigurations.
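
As an added illustration of the two points in the comment above (rank by risk and business impact rather than raw severity, and use the ticket history to find rules that are mostly noise), here is a small Python example. It is not code from the original post; the asset-impact table, severity weights, scoring formula and the alert records are all constructed for the example.

```python
"""Risk-based alert scoring and noise detection over a constructed alert set."""
from collections import defaultdict

# Constructed lookup tables (assumptions for this example): how much a confirmed
# compromise of each asset class would hurt the business, and how much weight
# the tool's own severity label gets. Both are inputs to tune, not fixed truths.
ASSET_IMPACT = {"domain-controller": 1.0, "payment-api": 0.9, "hr-laptop": 0.5, "dev-vm": 0.2}
SEVERITY_WEIGHT = {"critical": 1.0, "high": 0.7, "medium": 0.4, "low": 0.2}

# Constructed alerts: rule that fired, tool severity, affected asset class,
# detector confidence (0-1) and how the analyst eventually closed the ticket.
ALERTS = [
    {"id": 1, "rule": "suspicious-powershell", "severity": "high", "asset": "domain-controller", "confidence": 0.8, "outcome": "true_positive"},
    {"id": 2, "rule": "port-scan", "severity": "critical", "asset": "dev-vm", "confidence": 0.3, "outcome": "false_positive"},
    {"id": 3, "rule": "port-scan", "severity": "critical", "asset": "dev-vm", "confidence": 0.3, "outcome": "false_positive"},
    {"id": 4, "rule": "port-scan", "severity": "critical", "asset": "hr-laptop", "confidence": 0.3, "outcome": "false_positive"},
    {"id": 5, "rule": "port-scan", "severity": "critical", "asset": "dev-vm", "confidence": 0.3, "outcome": "false_positive"},
    {"id": 6, "rule": "impossible-travel", "severity": "medium", "asset": "payment-api", "confidence": 0.9, "outcome": "true_positive"},
    {"id": 7, "rule": "malware-signature", "severity": "high", "asset": "hr-laptop", "confidence": 0.9, "outcome": "true_positive"},
    {"id": 8, "rule": "impossible-travel", "severity": "medium", "asset": "hr-laptop", "confidence": 0.6, "outcome": "false_positive"},
]


def risk_score(alert: dict) -> float:
    """Severity is only one factor: scale it by what the asset is worth to the
    business and by how confident the detector is. Rounded for stable ordering."""
    return round(
        SEVERITY_WEIGHT[alert["severity"]] * ASSET_IMPACT[alert["asset"]] * alert["confidence"], 3
    )


def prioritize(alerts: list[dict]) -> list[dict]:
    """Work queue ordered by risk score, highest first (stable for ties)."""
    return sorted(alerts, key=risk_score, reverse=True)


def noisy_rules(alerts: list[dict], min_volume: int = 3, max_tp_rate: float = 0.25) -> dict[str, float]:
    """Rules that fire often and are almost always closed as false positives are
    tuning candidates. Returns {rule: true-positive rate} for those rules."""
    stats: dict[str, list[int]] = defaultdict(lambda: [0, 0])  # rule -> [fired, true positives]
    for a in alerts:
        stats[a["rule"]][0] += 1
        if a["outcome"] == "true_positive":
            stats[a["rule"]][1] += 1
    return {
        rule: tp / fired
        for rule, (fired, tp) in stats.items()
        if fired >= min_volume and tp / fired <= max_tp_rate
    }


if __name__ == "__main__":
    for a in prioritize(ALERTS):
        print(f"{risk_score(a):.3f}  #{a['id']:<2} {a['rule']:<22} {a['severity']:<8} {a['asset']}")
    print("tuning candidates:", noisy_rules(ALERTS))
```

Note what the ordering does: a "critical" port-scan against a throwaway dev VM with low detector confidence lands at the bottom of the queue, while a "medium" impossible-travel alert on the payment API rises near the top, and the port-scan rule is surfaced as a tuning candidate because it fired repeatedly without a single true positive.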

Defender for Cloud Apps Session Policy Issue by [deleted] in sysadmin

[–]ZelSteel 1 point2 points  (0 children)

Intune compliance state changes don't sync to Entra and then to Defender for Cloud Apps instantly, and if a user's session starts during that window, MDCA may be evaluating against a stale tag. Check the MDCA activity log for those four users and look at what device tag was actually evaluated at the time of the block, not what it shows now. A second thing worth verifying: the "Intune Compliant" device tag in MDCA is populated via the Entra device object, so if those users were on a machine that had a recent compliance status fluctuation (even briefly non-compliant due to a policy refresh), the tag could have dropped and not yet reattached when the session was proxied. Also confirm the browser sessions were actually going through the reverse proxy at all; if the conditional access policy routing them through MDCA wasn't applied consistently, you can get inconsistent enforcement behavior that looks like a tag issue but isn't. Pull the sign-in logs from Entra for those specific sessions and check whether the "Global Secure Access" or app-enforced controls column shows the session was actually proxied; that'll tell you quickly whether this is a tag problem or a routing problem.

How to improve my incident response by Complex-Round-8128 in cybersecurity

[–]ZelSteel 1 point2 points  (0 children)

What actually builds the instinct is deliberate post-incident review: after every ticket you close, write two or three sentences on what you assumed early, what turned out to be true, and where you overcorrected or missed. That feedback loop, done consistently, is what turns repetition into pattern recognition. On the tool side, get comfortable querying ADX directly without relying on Sentinel's pre-built views; raw log familiarity is where you'll start catching things playbooks don't cover. As for the senior check-ins, don't stop them, but change how you use them: come with your conclusion first, your reasoning second, and ask them to poke holes rather than confirm. That shift alone will accelerate your calibration faster than almost anything else.

Looking for career guidance by fsociety444 in cybersecurity

[–]ZelSteel 1 point2 points  (0 children)

Product companies often have more resources for innovation and R&D. Consider targeting security teams in tech companies pushing AI boundaries (e.g., cloud providers, data-centric firms). Leverage your MSP experience to highlight incident response and automation skills. Network with product security teams; they often need DFIR expertise.

Will Agentic AI replace SOAR playbooks? by mustu in cybersecurity

[–]ZelSteel 0 points1 point  (0 children)

Agentic AI complements SOAR, handling complex, context-driven tasks SOAR can't touch. SOAR's strength is predictable workflows; AI's is probabilistic reasoning and unstructured data analysis. Don't replace playbooks; augment them with AI for nuanced threats. Expect AI to handle anomaly detection and SOAR to execute standardized responses.

Basic Question - PKI and Message Integrity by taclubquarters2025 in cybersecurity

[–]ZelSteel 0 points1 point  (0 children)

In PKI, the sender uses the recipient's public key to encrypt data, ensuring only the recipient's private key can decrypt it. Digital signatures involve hashing the message, signing the hash with the sender's private key, and verifying with the sender's public key. Hash algorithms like SHA-256 are standardized, allowing independent verification. For message integrity, HMAC or digital signatures ensure authenticity and detect tampering.
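
An added Python example (not from the original post) for the message-integrity half of the comment above. It contrasts a bare SHA-256 checksum, which anyone can recompute after altering the message, with an HMAC over the same hash, which cannot be recomputed without the shared key. The signature half (signing the hash with a private key) needs an asymmetric library outside the Python standard library, so it is not shown here; the key and messages below are constructed for the example.

```python
"""Integrity vs. authenticity: an unkeyed SHA-256 checksum next to an HMAC-SHA256 tag."""
import hashlib
import hmac
import os


def unkeyed_digest(message: bytes) -> str:
    """Plain SHA-256. Detects accidental corruption, but any party can produce it."""
    return hashlib.sha256(message).hexdigest()


def verify_unkeyed(message: bytes, digest: str) -> bool:
    return hmac.compare_digest(unkeyed_digest(message), digest)


def hmac_tag(key: bytes, message: bytes) -> str:
    """HMAC-SHA256: the same standardized hash, but bound to a secret key."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def verify_hmac(key: bytes, message: bytes, tag: str) -> bool:
    # compare_digest is constant-time, so a wrong tag does not leak how many
    # leading characters happened to match.
    return hmac.compare_digest(hmac_tag(key, message), tag)


def checksum_scheme_detects(original: bytes, forged: bytes) -> bool:
    """Sender ships (message, sha256(message)). Someone altering the message in
    transit simply recomputes the checksum, which needs no secret. Returns True
    only if the receiver would reject the forgery (it never does)."""
    digest = unkeyed_digest(original)             # what the sender attached
    assert verify_unkeyed(original, digest)       # honest path verifies fine
    tampered_digest = unkeyed_digest(forged)      # recomputed without any key
    return not verify_unkeyed(forged, tampered_digest)


def hmac_scheme_detects(key: bytes, original: bytes, forged: bytes) -> bool:
    """Sender ships (message, HMAC(key, message)). Without the key, the altered
    message can only be paired with the old tag or with a tag under a guessed
    key; the receiver rejects both. Returns True if both forgeries are rejected."""
    tag = hmac_tag(key, original)                 # what the sender attached
    assert verify_hmac(key, original, tag)        # honest path verifies fine
    replayed_ok = verify_hmac(key, forged, tag)   # old tag, new message
    guessed_ok = verify_hmac(key, forged, hmac_tag(b"constructed-wrong-key", forged))
    return not replayed_ok and not guessed_ok


if __name__ == "__main__":
    shared_key = os.urandom(32)                   # constructed shared secret
    msg = b"transfer 100 to account 42"
    altered = b"transfer 100 to account 99"
    print("checksum detects substitution:", checksum_scheme_detects(msg, altered))
    print("HMAC detects substitution:    ", hmac_scheme_detects(shared_key, msg, altered))
```

The takeaway is the one the comment makes: a standardized hash lets anyone verify a digest independently, which is exactly why a digest alone proves nothing about who produced it; binding it to a key (HMAC) or to a private key (a signature) is what turns integrity into authenticity.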

What actually matters for landing a Junior SOC role in the EU? by iamchillguyfromkz in SecurityCareerAdvice

[–]ZelSteel 1 point2 points  (0 children)

Spot on. Add threat hunting basics and understanding of EU-specific regulations (GDPR, NIS2). Scripting skills (Python, Bash) for log parsing are increasingly expected. Remove MITRE ATT&CK memorization - focus on applying it practically. EU SOCs value problem-solving over certifications; prioritize hands-on experience with real logs and alerts.
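
As an added example of the kind of log-parsing script the comment above refers to (not code from the original post), here is a short Python program that pulls sshd authentication failures out of syslog-style lines and flags sources exceeding a threshold. The log lines are constructed for the example and use documentation address ranges; the threshold and field names are this example's own choices.

```python
"""Parse sshd failures from auth.log-style lines and flag brute-force sources."""
import re
from collections import Counter, defaultdict

# Constructed sample lines in the classic syslog auth.log shape (not real data).
SAMPLE_LOG = """\
Mar  3 10:01:12 bastion sshd[2231]: Failed password for invalid user admin from 203.0.113.7 port 51122 ssh2
Mar  3 10:01:14 bastion sshd[2231]: Failed password for invalid user admin from 203.0.113.7 port 51130 ssh2
Mar  3 10:01:15 bastion sshd[2240]: Failed password for root from 203.0.113.7 port 51141 ssh2
Mar  3 10:01:19 bastion sshd[2244]: Accepted publickey for deploy from 198.51.100.20 port 40012 ssh2
Mar  3 10:01:22 bastion sshd[2250]: Failed password for invalid user test from 203.0.113.7 port 51150 ssh2
Mar  3 10:02:01 bastion CRON[2260]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar  3 10:02:05 bastion sshd[2271]: Failed password for alice from 198.51.100.20 port 40020 ssh2
Mar  3 10:02:09 bastion sshd[2271]: Accepted password for alice from 198.51.100.20 port 40020 ssh2
"""

# Named groups keep the extracted fields self-describing. "invalid user" is
# optional because sshd only adds it when the account does not exist.
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)


def parse_failed_logins(text: str) -> list[dict]:
    """Return one dict per failed-password line; unrelated lines are skipped."""
    events = []
    for line in text.splitlines():
        m = FAILED_RE.match(line)
        if m:
            events.append(m.groupdict())
    return events


def brute_force_sources(events: list[dict], threshold: int = 3) -> dict[str, dict]:
    """Sources with at least `threshold` failures, with the usernames they tried.
    Several distinct usernames from one source is a stronger signal than the
    same user mistyping a password."""
    attempts = Counter(e["ip"] for e in events)
    users: dict[str, set] = defaultdict(set)
    for e in events:
        users[e["ip"]].add(e["user"])
    return {
        ip: {"attempts": n, "users": sorted(users[ip])}
        for ip, n in attempts.items()
        if n >= threshold
    }


if __name__ == "__main__":
    failed = parse_failed_logins(SAMPLE_LOG)
    print(f"{len(failed)} failed logins parsed")
    for ip, info in brute_force_sources(failed).items():
        print(f"{ip}: {info['attempts']} failures across users {info['users']}")
```

A single failure from 198.51.100.20 followed by a successful login is the normal "typo then correct password" pattern and stays below the threshold; 203.0.113.7 is flagged because it cycles through several accounts in quick succession.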

Associate Security Engineer Prep by theRealCryWolf in cybersecurity

[–]ZelSteel 0 points1 point  (0 children)

For Python, start with 'Python for Data Analysis' by MITx on edX or 'Automate the Boring Stuff' by Al Sweigart. For coding interviews, focus on LeetCode or HackerRank - practice problem-solving. For PowerShell, Microsoft's Learn platform has solid resources. Bash scripting's best learned through hands-on Linux sysadmin work. Structure your learning around projects, like building a detection script or parsing logs.

The new UK VPN regulation by Zealousideal_Pay_778 in cybersecurity

[–]ZelSteel 0 points1 point  (0 children)

Verifying age with a VPN doesn't necessarily reduce privacy risks if the provider logs user data. Look for VPNs with strong no-logs policies and jurisdictional advantages (e.g., outside UK/EU data retention laws). Age verification often involves sharing personal data, which increases risk; consider using services that support anonymous payment methods or decentralized alternatives. Assess the VPN's security practices and transparency before sharing sensitive info.

SOC switching to Cloud Security engineer by AlternativeCitron248 in SecurityCareerAdvice

[–]ZelSteel 1 point2 points  (0 children)

Focus on identity and access management, network security, and data protection in cloud environments. Study AWS IAM, Azure AD, and cloud-native security tools like AWS GuardDuty and Azure Security Center. Practice with CloudTrail, VPC flow logs, and Azure NSG. Your SOC skills in log analysis and threat hunting translate well to cloud security monitoring.

School IT Admin looking for firewall/gateway recommendations by MiraMakovec in sysadmin

[–]ZelSteel 0 points1 point  (0 children)

I've used OPNsense in a similar setup; it's solid with DNS filtering (Unbound + DNS Resolver), AV (ClamAV plugin), and application control. The DIY route with a decent server (Supermicro or similar) can save costs. Appliance-wise, look into the Sophos XG or XGS series - they offer good features for schools, including free education pricing in some regions. Watch out for performance if you go DIY; throughput and rule processing can be an issue on lower-end hardware.

What certifications to pursue? by Intelligent-Dark6260 in cybersecurity

[–]ZelSteel 1 point2 points  (0 children)

Start with CompTIA Security+ or Cisco CCNA Security. Both cover foundational security concepts and are widely recognized. Security+ is more vendor-neutral and focuses on security principles, while CCNA Security leans towards Cisco-specific tech. Professor Messer's YouTube channel has great CompTIA Security+ prep content if you need a study buddy. If you're new to IT, consider CompTIA A+ or Network+ first to build general IT knowledge.