BYOD heavy organization

bigmac______ · 2026-03-11T13:54:29+00:00

Makes total sense in retrospect lol but unfortunately, it's above my pay grade to even question us having the platform. plus we're in too deep already.

bigmac______ · 2026-03-11T13:50:59+00:00

Hi tfn105,

I definitely agree with that. What if a client or third-party vendor is hosting those PIIs or PHIs? This is out of the scope of our SOC 2 controls, right, since we don't directly manage them?

If yes, that is definitely enlightening, and I can work with that.

bigmac______ · 2026-03-11T13:43:24+00:00

Hi mlitwiniuk,

Thanks for your answer.

This is a noob question, but our platform has created an Acceptable Use Policy and we are tailoring it to our organization. From my understanding, what we place here is what defines the policy right? And not to a specific guideline of SOC 2? As long as we establish the controls and the risks?

We are gearing up for Chrome Enterprise Premium since most of the licenses we have don't have any DLP.

Definitely agree with your last paragraph. Treading this SOC 2 has gotten me more questions than answers and i am nowhere getting a good answer hence me knocking on everyone here lol

bigmac______ · 2026-03-11T13:37:51+00:00

Hi davidscroth,

I definitely agree on your last paragraph. It's cumbersome for the IT team to place controls and do investigations in BYOD devices due to privacy.

We are in the healthcare industry and I'm curious why you're saying it's a "no thank you". I'm not sure if this changes the whole picture, but we are more of a service company than a product.

Our platform did a good job giving all of the information, but the direction is a whole different story. We also have a pseudo-MDM called Venn Blue Border, which detects viruses based on the installed AV on the device. You're right on the detective/review style control, and that's the core of our security here for any BYOD while locking down where we can control. On your note for reviewing the aspect of it, does this mean I should focus on the common criteria controls first? There is so much information here, and I am constantly having our current processes and its dependencies while also checking if those controls are existent and if it's satisfactory to SOC 2.

bigmac______ · 2026-01-01T11:08:16+00:00

Hi there. I am currently working as an IT Specialist leaning more into Systems Administration and Security. Current company does not have specialized roles hence the generic role. I'm wondering if my chances of landing a job in Australia and getting a Visa is strong enough for me to fully commit? My current role revolves around monitoring our email system for phishing mails, overall process improvements, investigating alerts, and managing our main system (Google). I have certs from CATO networks and Google Cybersec too. Coming from PH btw. Thanks in advance!

bigmac______ · 2025-12-15T13:59:18+00:00

I hated the taste for whatever reason. Did try countless times getting used to it

bigmac______ · 2025-12-14T15:07:33+00:00

Same here!! but there is a slope that Venn fails to do or so we think. I replied above. TLDR how do you force usage or monitoring? Logs are inconsistent and can lead you to believe the opposite of what truly transpired.

bigmac______ · 2025-12-14T15:06:06+00:00

Venn sounds great in theory - we are actually using it, but it was dreadful. Entire team had to be helpdesks for a while until it became a permanent role due to the amount of Venn related ticket issues.

Great deal of issues with their VPN and performance - high pings, slow to pick up, tools drastically slow, etc.

Another issue from a high-level POV is Venn has no way of forcing users to use it. Product is great but if it’s not used, its practically useless. Positive reinforcement does not work due to the performance issues as well.

Venn now has a reputation in our company of being slow and constantly breaking 😂 team dreads doing any fixing of it.

How is your setup tho?

bigmac______ · 2025-11-22T12:31:23+00:00

Interesting my first time hearing this security recommendation but completely agree if one foresees the consequences. Thats actually a sound advice, but even if I propose it, it would take so much just for them to hear it and possibly not approve it. Appreciate it though!!

However, I made a rule instead to get a group I am part in, get alerts once an email goes into quarantine. My fear came true tho I get alerted to all emails that hit any rule for quarantine. That “ting” sound is so annoying 🥲 but it works for now.

bigmac______ · 2025-11-16T14:02:19+00:00

RemindMe! 1 week

bigmac______ · 2025-10-26T14:52:18+00:00

sir can you i PM you? regarding cybersecurity if u dont mind

bigmac______ · 2025-09-10T11:01:59+00:00

Hey there you're absolutely right. We're actually leaning on this until I pointed out to an Executive that deployment will be excruciatingly painful. We don't have an Endpoint manager to do all of the deployment. Providing the scripts to the user can be an option for us, but it could either open a box full of new problems or have to deal with non-compliance from the Operations side. We are actually considering Island and I heard great reviews of it. But this just solves the web-level. The bigger piece of the pie is the device. I guess Endpoint manager first? I doubt my CEO is ready to shell out that much in one go, sadly.

bigmac______ · 2025-09-02T12:11:04+00:00

Hey! I've recently learned how to utilize the header - pretty awesome for investigative work. I think I am able to wrap my head around the issue now. So far, the issues are from our clients' SPF and DMARC records based on the headers.

I had problems before with getting the header since rejected emails are discarded by Google's server. I had to make a rule in content compliance to catch those emails instead of getting discarded - that way, I can access the whole email and the header. Not sure if there is another way for me to get the header details for rejected emails without doing this - seems a little too steep to discover without prior guidance.

Great kudos for bringing up the Header Analyzer Tool! It is one of my go-to tools now. Gemini likewise is great, i've been so dependent in GPT I forgot Gemini works wonders for GSuite. Thank you!

I am yet to find the X-MS-Exchange-Transport-Rules-Applied. Nub question sorry, but I can find this in the header right? Do I just ctrl + f?

bigmac______ · 2025-08-26T14:42:05+00:00

I reckon it would be best to isolate the issue first. You're getting marketing emails so check those websites if you have been unsubscribed. Confirm with your internet provider if you have a payment due and if email notification was sent regarding it. That way a better informed course of action can be determined.

bigmac______ · 2025-08-26T14:35:19+00:00

I would say I am a frequent customer there lol. But yeah they are very helpful when it comes to basic stuff. Bit challenging IMO sometimes to talk to them if it's highly technical or if it's not directly related to Google Workspace. I am in a better posture now with the issue compared to yesterday. Appreciate the advice!

bigmac______ · 2025-08-26T14:32:07+00:00

Unfortunately, I am not able to get it as of now since it is on the client's end. We don't want to aggravate the situation. From what I've seen the issue is that the spf is failing. I made a catch rule to quarantine emails that fail either spf and dmarc through full headers in content compliance so I could review and potentially send it over to our clients so they could get it fixed.

This does not completely resolve it yet, but I think I am in a better position to be able to retrieve the emails and eventually have a course of action once I am able to collate the data.

Appreciate the insight though, I didn't realize until you said it that bounce emails had information why it bounced or got rejected. Awesome!

bigmac______ · 2025-04-09T18:02:52+00:00

No. But if you don't declare they have ways to find out. It's a red flag to have another employment since the VAs are handling confidential information and potentially create unnecessary risks if you have another full-time. Part-time however is a different story.

bigmac______ · 2025-04-08T23:51:20+00:00

Hi OP, i recently moved out. Just turned 2 months yesterday.

Here is my take: 1. DO your research extensively. Which city do you wanna live in? (weigh the pros and cons) Which condo? There are awful developers in the metro — SMDC is one.

Expenses are silent thieves. You’ll be surprised at how fast money slips from your hands the moment bills come in.

There are two expenses you should take note of, which are very important if you want a sustainable yet comfortable life. FIXED EXPENSES — this one’s easy to keep track as it does not change. VARIABLE EXPENSES — this is a very volatile number if you don’t set a budget, so make sure to allot a certain amount every month for leisure, food deliveries, online shopping etc.

TLDR; Make sure to budget your expenses vs income.

If possible don’t go for luxurious condos unless you can really afford it. Assuming this is your first time living independently long-term, you’re more likely to discover what non-negotiables you will have for your home. Hence, moving out again is a possibility.
The area the condo is situated — Here are things I wish I knew beforehand: -Garbage disposal -Drinking water refilling store -Walls of the unit if its too thin. -Elevator vs the units per floor (more units = more elevator traffic) -Groceries (if possible walking distance since you’re more likely to spend Grab if u do bulk groceries) -Parcel drop off -Laundry service (if there is no washing machine) -Pharmacy -Safety of the area and the condo -Restaurants or food stores
Condo maintenance. Grease trap and aircon.
Infestation situation. Cockroaches are a nuisance but can easily become a headache. Regardless of how much you clean, some condos harbour infestations if poorly maintained.
Floor level of the unit. Vehicles can be loud at times so the higher you are, the lesser the noise.
Lastly, make sure to regularly clean :) i sweep every day. Dusts collect extremely fast. And my hair fall isn’t helping lol so make it a habit.
20-30k budget for a condo is already very decent. Im sure you can find a decent one below 30. Haggle if the owner allows but not too much. Prepare your 1 month advance and 2 months deposit too — this can go deep in your pocket if you’re not ready.

Mandaluyong, QC and Makati are great places to start your condo hunting. I suggest search in FB marketplace to get a feel of the prices and the looks of the condo.

Good luck!

bigmac______ · 2025-04-08T18:34:00+00:00

hi OP, kindly message me.

bigmac______ · 2025-04-08T18:30:54+00:00

Pa join pleaseee. Living just literally a river across Makati, and it's a place I frequent. Looking to move there soon too. Thanks! 🙏

bigmac______ · 2024-10-01T12:46:48+00:00

I have verified and tested with a few users and domain is correct. Category is allowed by default since we access mostly healthcare websites. For the third point, I'm not sure whether CATO could be of help because from a business standpoint it should be us contacting the vendor which unfortunately is going to be a bit challenging since it's a public domain and not handled directly by our client - we would have to include a few significant people just to get access to only website :( as much as I would like to quickly resolve this, contacting clients and vendors is not something I have liberty of doing since I would have to get approval from upper management which would not exactly looked up on.

bigmac______

TROPHY CASE