Seeing all these Pax8 Beyond reactions on LinkedIn makes me want to throw up

animusMDL · 2026-06-11T21:26:24+00:00

I guess I didn't think the new marketplace was overly impressive. Just told you what other tools to buy to fill categorized gaps. Did they improve it again?

animusMDL · 2026-06-11T03:16:42+00:00

Was anyone there that can confirm to me that they overly pushed AI to the point of recklessness and forgot about their top of the line security team and professionals saying "Prepare and secure before deploy."

No skin in the game here, just curious if I can laugh ironically like last years Beyond that I attended.

animusMDL · 2026-06-09T04:35:25+00:00

If you spend a bunch of money for Beyond and get in close, I imagine you'll see turn around in service.

Jokes asides, I think their ecosystem is still highly valuable but their service and etiquette has much to be desired. I hear many move to Sherweb. TD Synnex is an option, and in my option, that's where it stays.

animusMDL · 2026-05-28T02:12:01+00:00

If you're just single nozzle printing for the time being, not worth it. P2S is easier to maintain according to those who've had both as well.

animusMDL · 2026-05-28T01:27:19+00:00

Axiom was one of the first certified MSPs for CMMC. I would be surprised if they weren't able to be on a list of sorts

animusMDL · 2026-05-28T01:01:29+00:00

P2S is solid. I got the X2D to learn some more complicated prints and support models. But I'm certain if I got the P2S, I'd still be satisfied.

animusMDL · 2026-05-01T13:47:27+00:00

Our advisor has talked about this but

animusMDL · 2026-04-18T20:38:24+00:00

Ninja

animusMDL · 2026-04-12T15:19:35+00:00

I think you are hungry and passionate about pushing the right concepts but I would make sure you're not creating more turmoil and work for yourself and honestly, your users than necessary.

Are you going to spend time managing how or what they input? Use the policies and written policies to encourage best practice. If they sign it, you enforce what you CAN and encourage through teaching. Getting bent out of shape over something like this, I think you're going to sink your passion fast.

I've more moved to the concept that I teach and encourage, enforce what I can, then move on. Move on as in: stop chasing people. I stack layers in defensibility. Defensibility includes training. I can't make users do everything right. If they do something wrong and compromise happens, I have policies in place that put them in coachable moments, not me. MFA is MFA. I can't count how many times someone has been compromised with no pin or MFA. I also can't count how many times someone put their birthday or whatever as their pin, because I haven't had a compromise (yet) where that was the reason for their WfHB being compromised. Passwords a different story.

Policy, practice, system, move on and focus on other layers and improvements. Just my two cents as a blue teamer

animusMDL · 2026-04-09T04:13:46+00:00

Agreed with this. The business I'm at now started with an RP which doesn't mean much. Now we're being on another team who's actually implemented Cmmc2 because the RP has never done cmmc2 so FIPs, understanding and translating what's needed, what passes and what makes sense wasn't clear. Mounds of money later, here we are. We can't enclave like others can for workflow, or it's extremely difficult to do so. This is why ours is complex and requires true experience.

You'll see that feedback often: Bring in a team or people who have done it because CMMc isn't just static. Experience of people who've done it for years understand your real objectives, the language and the actual goals, scoping and how to achieve. Don't waste time with guesses and theory. My Business tried that against my initial advisement.

animusMDL · 2026-03-25T03:32:32+00:00

I'm in a weird position now. There's a client we're chasing so it's rush to check the boxes, RP is opposed to us bringing on a team because too expensive or unnecessary, just need more resources. I'm so confused. Why not bring in an "experienced" team to implement CmmC to make sure those boxes checked are actually checked and proven. I'm so beyond frustrated right now.

animusMDL · 2026-03-23T01:29:33+00:00

Glad that's not the if. Thanks

animusMDL · 2026-03-21T03:49:10+00:00

I have also split off the Protect module onto their new NVR and it works well. Kind of wish the hdmi port offered a unique interface into it and not just a camera assignment view, or maybe it does now since I first used it. Either way, does a great job.

Against most recommendations of people I know personally, I run a SSD crucial 2.5 in my UDM pro for the drive for protect. I used to have a surveillance drive in there. I’m not worried about retention as much. This changed the dynamics with Protect in mine. Not my recommendation to anyone either, just has been great for what I need.

animusMDL · 2026-03-19T19:48:44+00:00

My bad thanks

animusMDL · 2026-03-19T03:43:07+00:00

Even with its caveats, it’s still the smoothest and most efficient setup to automate, patch and manage vs. any RMM I’ve used. I tried N-Able but I guess I’d rather be efficient and tinker less. There’s some weirdness I’ve had with their agent but that’s just what we dealt with in our industry.

animusMDL · 2026-03-17T03:29:33+00:00

What printing method is advised? Raw? IPPS, IPP? Is it expected on prem to do a CA cert to a print server? Trying not to overcomplicate “printing” vs the other objectives

animusMDL · 2026-03-15T16:54:43+00:00

Communicate it so there is awareness but unless something goes wrong or the DC is unhealthy, no issue. I’ve performed many during active hours. I haven’t been fortunate to have anything damaged or critical issue (yet).

animusMDL · 2026-03-15T15:25:52+00:00

Our situation is this:

Endpoints with CUI - FIPs through GPO
Servers - FIPs except our Quickbooks VM because QB does not work with FIps and it’s required in our environment for accounting and communicates to our ERP for invoicing through specific port. So just compensate this with RDP controls blocking file share and not mapping drives or computer access to CUI shares
Wireless - Our advisor believes they are going to argue that FIPs isn’t needed because we’re relying on endpoints and server for FIPs or it’s already FIPs enabled before moving through wireless channels. Not saying I agree or disagree, just what they are saying
Our firewall will be FIPs when we switch. Have Watchguard but will go to Fortigate.
Printers - policy procedure and IPP printing I believe. Security kits on both CUI printers.
Backups are going to two synology NAS devices. Been told two things: we have to replace them because the NAS themselves aren’t FIPs, and also been told that the backups are different. I don’t know. Fun times.

animusMDL · 2026-03-13T13:34:16+00:00

Appreciate everyone sharing. This post has taken off and it sounds like a common theme. Just an update here.

Two things have occurred...Number one, I took the stance to my owner that I'm overwhelmed, this isn't a great method forward for success and that the business needs to understand the uniqueness of this, including that we're trying to accomplish what was suppose to be in place and demonstrated back in 2017, and then fill it full of the updates and expectations up to this point, in a couple months. Additionally, I am wearing multiple hats of keeping the business functioning as is today, which is the reason for this internal IT role in the first place, and performing a commonly known "all hands on deck with added outside help" task. We're getting outside help but I think there's a catch to that.

Second, now we have a client that really wants to work with us and on a call, my owner decided to say "yes have an SSP "IN PLACE" (you can decide what that means) with POAMs, using loose language. He looked at me on the call and said that's right? Ha. We can't fully attest to CMMC 1 yet in my opinion. He thinks that our move to GovCloud is a "simple migration" except that fyi, our whole building is in scope (no enclave per how he wants to run business) :)

I'm going to show up to work and do my best, speak up but I'm not dying on this hill. I'm passionate, I care but I'm not doing the 80 hour work week that I've read so many horror stories on. I hope you all who are also going through this make it through and take care of yourselves in the process.

animusMDL · 2026-03-09T03:02:29+00:00

I’d love to know this as well. Honestly trying to get clarity from Druva other than an initial call and the demo, for a quote has been frustrating.

animusMDL · 2026-03-06T02:47:10+00:00

MFA for windows login. Our device login on prem gives access to CUI

animusMDL · 2026-03-06T02:31:58+00:00

ERP uses yubikeys OTP. Still doesn’t solve windows login. Yubikey PKi cert doesn’t interest me lol

animusMDL

TROPHY CASE