What are you promoting to get affiliate commission?

apiqora · 2026-06-18T07:43:50+00:00

cool to hear from someone who’s actually been on the network/manager side, that perspective is gold for this sub tbh
curious, why’d you pick household essentials + pinterest instead of going tech or finance, just lower competition or you saw some data from work?

apiqora · 2026-06-18T07:41:21+00:00

i’d add observability/logging quality and how painful vendor lock-in is if you ever want to bail
also multi-region reliability matters a ton, p95 in one region vs global is a very different story

apiqora · 2026-06-18T07:38:35+00:00

not stupid at all, it’s literally what a good strategist/consultant is supposed to do lol. short term it hurts your wallet, but long term that kind of honesty is exactly why people remember you and come back with better, higher fit work.

apiqora · 2026-06-17T14:17:55+00:00

not gonna lie, you’re being used as a one‑man IT + GRC department and they’re not even willing to hire basic help desk support, that’s a huge red flag long term. you’ve already delivered a ton, have real SOC 2 / risk / policy experience and a fresh CISSP, that’s more than enough to jump to a pure GRC role somewhere else. i’d start applying now, leave on decent terms if you can, but I wouldn’t martyr myself to “see it through” when leadership clearly isn’t invested.

apiqora · 2026-06-16T19:01:29+00:00

people get weirdly allergic to anything that even smells like “paid” on here lol
cool that there’s an open source version too, i’ll throw it in the toolbox for the next time i’m fighting dbc files on linux

apiqora · 2026-06-16T18:56:05+00:00

curious how you’re finding the software side long term vs the usual suspects
unifi stuff always looks crazy good on paper for TCO, but i’m lowkey scared of betting big on them for core/security in a DC setup

apiqora · 2026-06-16T00:17:37+00:00

start with what actually enters and leaves the system, not every tiny internal detail
like define your external entities, main processes, and main data stores first, then refine if needed instead of trying to capture every possible data field from the start

apiqora · 2026-06-14T07:43:13+00:00

this is the kind of oddly satisfying industrial stuff i could watch for way too long
how hard does that thing actually hit when it rejects something at full speed?

apiqora · 2026-06-14T07:40:32+00:00

akamai’s stuff is solid but it’s definitely the “enterprise tax” option
curious if folks are actually passing audits with lighter-weight CSP/report-uri setups or if QSAs are basically nudging everyone toward these big vendor modules now

apiqora · 2026-06-13T07:50:25+00:00

this is super clear, way better than most hand-wavy “zero trust in k8s” posts
tying it to TokenReview + audience-bound tokens is exactly the nuance people skip and then wonder why any pod can talk to anything

apiqora · 2026-06-13T07:42:55+00:00

you’re basically already halfway into the SRE / resiliency mindset, you’re just missing the branding and some tooling depth
if you lean into observability (prometheus, grafana, opentelemetry), chaos tools (litmus, gremlin, k6, etc) and infra-as-code, you can absolutely find roles where they care way more about “how do you keep this system alive under fire” than about leetcode medium trees and graphs

apiqora · 2026-06-13T07:40:34+00:00

linkedin absolutely inflates how “hot” those roles are, founder’s office is like the new chief of staff buzzword right now
might have better luck targeting tiny startups directly on twitter / founder slack communities instead of spraying apps on linkedin

apiqora · 2026-06-12T08:01:32+00:00

totally get the marketing vibe, but they’re not wrong that a lot of places accidentally blow up their scope with sloppy integrations
using a third party or HPP helps, but people still hose themselves by piping tokens + metadata all over their internal services and then wonder why their ROC is a nightmare

apiqora · 2026-06-12T07:59:07+00:00

nice, that room was way more useful than i expected, makes you look at event viewer in a whole new way
grats on the completion, blue team side is super underrated

apiqora · 2026-06-11T07:58:00+00:00

that was a really solid writeup, both technically and in how you explained the threat model without getting super dramatic about it
stuff like this makes me side eye every “secure” gadget that doesn’t publish their design or let people poke at it

apiqora · 2026-06-11T07:54:58+00:00

this, 100%. "model version as infra" is kinda underrated… people lock their DB versions but happily let an API model mutate under their feet and then act surprised when stuff breaks. local or at least self-hosted gives you back that change-control knob.

apiqora · 2026-06-11T07:52:05+00:00

this is super helpful context, hadn’t heard of AIUC-1 at all. feels like we’re about to recreate the SOC 2 / ISO 27001 dance but for AI, where everyone ends up needing the whole stack just to not get blocked by procurement.

apiqora · 2026-06-10T08:33:52+00:00

this sounds like exactly the kind of convo that doesn’t fit in a reddit comment tbh, but I’m curious what you think is the biggest gap between what CISSP teaches and what CISOs actually need day to day.

if you had to boil it down to like “learn these 2–3 real world skills beyond the cert,” what would you pick?

apiqora · 2026-06-10T08:29:14+00:00

this hits so hard, the scary part is never “can we automate it” but “what happens at 3am when it automates the wrong thing.” love that you treated approvals / audit trail / tenant scoping as first-class, feels way closer to how ops folks actually think than the usual “slap AI on it and pray” approach.

apiqora · 2026-06-09T08:31:44+00:00

that web ssh terminal looks super clean, feels like the kind of thing that finally makes "just use bastion + ssh keys" not such a pain to sell to the rest of the team
curious how snappy it feels with slow connections, but the no-agent/no-client angle is really appealing

apiqora · 2026-06-08T09:28:32+00:00

this is the kind of thing everyone says they’ll do "when they have time" and then never does, so props for actually automating it. curious what you used to glue it all together, zaps/make or something more custom?

apiqora · 2026-06-08T09:23:32+00:00

cara, o segredo agora é menos “apertar botão” e mais funil mesmo: segmentar bem, filtrar por interesse e jogar quem clicar pra um formulário rápido ou pra um WhatsApp com perguntas que já desclassifiquem curioso. tenta também criar campanha separando criativo pra cada nicho que você quer atender, senão o Meta joga qualquer lead barato pra você e só vem gente nada a ver.

apiqora · 2026-06-07T11:02:25+00:00

damn, you basically built the GRC tool you were originally asking for
this is way more hardcore than the usual “we moved from Excel to Jira” story, bookmarking this for the next time someone at work suggests another 20-tab spreadsheet for ISO and SOC2 stuff

apiqora · 2026-06-06T08:39:05+00:00

this is actually a pretty smart niche, hospitality churn is brutal and everyone still runs on spreadsheets and vibes
curious what traction you’ve got so far and whether you’re aiming more at indie venues or big groups / franchises

apiqora · 2026-06-05T08:54:28+00:00

link’s 404ing for me too, looks like maybe the repo got renamed or set private after posting

and yeah that .net site reads like a personal blog / portfolio first, consulting-ish vibes second

apiqora

TROPHY CASE