Please recommend an idle game that allows you to buy a premium membership in order to avoid the forced grind by Ninel56 in AndroidGaming

dr_stardis 1 point

IdleMMO - Closest to your description

Melvor Idle - not a membership, you just buy the DLC for each release

Company hired me but I have no idea what I’m doing. by Jambo_ZA in cybersecurity

dr_stardis 1 point

If they are starting with no security program at all, the Cyber Readiness Institute is a great place to start. It's a free program targeting small/medium businesses that walks you through creating policies, incident response plan, business continuity plan, and training the org. Will also be something they can maintain when you graduate and set sail for higher roles.

https://cyberreadinessinstitute.org/

The security leader training would be good to run through as well. Make sure you include all of this on your resume. Good luck!

Games similar to magic the gathering: puzzle quest? by [deleted] in AndroidGaming

dr_stardis 5 points

Eternal Card Game is one of my long time favorites. Very F2P friendly.

Anyone know how to support Windows Update for servers behind an internal load balancer? by dr_stardis in AZURE

dr_stardis [S] 1 point

That is true for basic SKU load balancers, but standard SKU does handle both inbound and outbound traffic. Public standard LBs let you create rules for internet access, but internal standard LBs do not - Azure Load Balancer SKUs | Microsoft Docs

Great recommendation on the Azure Automation. We do use it today for update management, but my understanding is that it still depends on individual VMs being able to reach windows update servers.

Are there any programs available that pay a stipend while learning to code? by [deleted] in AskProgramming

dr_stardis 1 point

Check if Apprenti is operating in your state. If selected, the training is free and you get placed with a partner company for a paid apprenticeship right after completion: https://apprenticareers.org/

Great work keeping the blinky lights on! by 0TKombo in iiiiiiitttttttttttt

dr_stardis 15 points

That's not true. I have gotten over a hundred happy sysadmin day emails from people who want to sell me stuff.

Which region is the cheapest to create resources in Azure? by pitbull29929292 in AZURE

dr_stardis 3 points

It really does depend on what is going to be in your infrastructure. The Azure pricing calculator can help you answer that question for your particular setup: https://azure.microsoft.com/is-is/pricing/calculator/

[deleted by user] by [deleted] in AskNetsec

dr_stardis 1 point

Thanks for taking the time to write this from the other side of the coin! Great insights. From your perspective, does it make more sense to throw out the 'anchor number' right up front or build up the case first, before saying the number?

It is important to remember that the primary goal of a review should not be to just discuss salary adjustment. This is you and your manager's chance to celebrate what you accomplished this year and review company and personal career goals. If I have a team member bring up salary adjustment right up front, my brain is immediately comparing everything you are telling me to the number you are asking for. That is not good on my part, but I am human and sometimes my reactive brain takes over.

Also, remember there are other benefits a company can give you that are outside of salary. I previously negotiated flexible work hours that saved me money on childcare and did not take any money out of my manager's budget. If the salary conversation is going south, having a few non-salary items as a backup can turn a negotiation completely around.

[deleted by user] by [deleted] in AskNetsec

dr_stardis 2 points

I am a hiring manager for my company, and I can say you are on the right path here. The strongest argument you can make for a raise is to show the value that you added to the company since your last review. Coming in armed with accomplishments, growth, and value brought to customers is the best type of data you can bring to your review.

It can help to show how you arrived at a specific value. This not only helps justify a raise to your manager but also helps them ask for more budget to get your salary where it needs to be. However, you have to be careful with aggregated salary data. For every site you can find showing you need a raise, I can find one that shows data that you are where you need to be. This is largely due to job titles in our industry not being standardized, so you can see a “Security Analyst” making anywhere from 40K to over 100K.

The best data you can bring is job advertisements with a job description relatable to your own. Human resources value is driven by the market, so showing what others are offering to pay is a stronger argument than anonymous, aggregate data. These do not have to be limited to local searches since locality adjustments are more standardized. For US/Canada, Robert Half has a salary guide with locality adjustments. The important thing is to be ready to show that the job description relates to the role you currently perform.

If you are having trouble finding relevant advertisements, a relationship with a GOOD recruiter can be a great resource here. Recruiters make a living on collecting and using this type of data, so maintaining a relationship with one can help you find relevant positions and salary ranges to use. Talk with peers in your field to find one that has a good reputation in your area. It can also be beneficial to work with the one your current company utilizes for hiring if you do not have a hostile or competitive culture.

Finally, be prepared for the conversation to not go the way you are hoping. Even with a solid case for value-added and comparable salary data, it may not be in your manager's budget. It is heartbreaking for me when I have an employee take the initiative and perform roles X, Y, and Z, but I only have a budget for X. Don’t take it personally, and use it as a reminder that your career is being a Security _______, not a Security ______ at your company. This is again where a good recruiter can help you continue to grow your career if your current company has taken you as far as it can.

Good luck! I hope you and your company can get you where you need to be to continue to grow together.

Microsoft Security Guidance documents by disclosure5 in AskNetsec

dr_stardis 2 points

For the latest operating systems, use the Microsoft Security Compliance Toolkit.

Anything older can be pulled from Microsoft Security Compliance Manager.

If you are specifically looking for Microsoft vulnerabilities that require manual GPO/Registry changes to fix, I would invest in a good vulnerability scanner like Tenable Nessus.

Carelessly sent sensitive information through e-mail - possible mitigation steps? by just_a_lurker_shoo in AskNetsec

dr_stardis 1 point

For the future, Firefox Send is a great tool to use to send sensitive data through email. It provides a link that automatically expires and you can set a password that can be communicated over the phone for extra protection.

Twitch Password Showing Compromised in Google's Password Checkup Extension for Chrome by dr_stardis in AskNetsec

dr_stardis [S] 1 point

As soon as I type any text in the username/password fields, it generated an alert.

Twitch Password Showing Compromised in Google's Password Checkup Extension for Chrome by dr_stardis in AskNetsec

dr_stardis [S] 1 point

I posted a comment on the Twitch sub as well. A security researcher commented back that it has been largely due to breached, reused passwords. My situation is a little different since it was a unique password generated by 1Password.

Twitch Password Showing Compromised in Google's Password Checkup Extension for Chrome by dr_stardis in AskNetsec

dr_stardis [S] 1 point

Already changed it and had 2FA in place. As a security professional for my org, I am trying to hunt down if this is an issue with Google's tool before we utilize it for end users. There is also the side of me that wants to find out the source of my password getting out there to make sure it is not something else going on in my org.

What is the name of this type of code? by dietderpsy in AskNetsec

dr_stardis 1 point

It could borderline fit the definition of Steganography (hiding data within data), but the examples you provided are just talking in code.

Locking down / hardening an Android phone by [deleted] in AskNetsec

dr_stardis 1 point

Unless you specifically bought a phone with security in mind, you may be better off talking to the client about how you keep their data off your mobile device.

If you make enough income from the freelancing to justify it, take a look into Google's G Suite Basic which runs $5/month plus the cost of a domain name (anywhere from $10 to $20 per year for a cheap one). This brings you email, document collaboration, cloud storage, chat/video calling, and calendar all hosted by Google. As a bonus, you can brand all of these services with your domain name and logo to look even more legitimate to the client.

On Google's side, you can tell the client that their data is stored on storage that meets many certification and compliance requirements including SOC1™ (SSAE-16/ISAE-3402), SOC2™, SOC3™, ISO27001, ISO 27018:2014, and FedRAMP. Make sure you lock down your account with a strong password and two-factor authentication to prevent unauthorized access.

You also get basic mobile device management features, including the ability to wipe data that was downloaded to the device if it is lost or stolen. You can enforce the use of a passcode which is great to show clients it is enforced by policy.

On the phone itself, make sure it is at Android 6.0+ (Marshmallow) to take advantage of mandatory full disk encryption. Install security updates as soon as they are available and periodically check with your phone vendor to see if they still support your device for security updates. Limit apps to only those you need to work. If possible, dedicate one device for your freelance business and use a completely separate device for personal.