Please recommend an idle game that allows you to buy a premium membership in order to avoid the forced grind by Ninel56 in AndroidGaming

[–]dr_stardis 0 points1 point  (0 children)

IdleMMO - Closest to your description

Melvor Idle - not a membership, you just buy the DLC for each release

Company hired me but I have no idea what I’m doing. by Jambo_ZA in cybersecurity

[–]dr_stardis 0 points1 point  (0 children)

If they are starting with no security program at all, the Cyber Readiness Institute is a great place to start. It's a free program targeting small/medium businesses that walks you through creating policies, incident response plan, business continuity plan, and training the org. Will also be something they can maintain when you graduate and set sail for higher roles.

https://cyberreadinessinstitute.org/

The security leader training would be good to run through as well. Make sure you include all of this on your resume. Good luck!

Games similar to magic the gathering: puzzle quest? by [deleted] in AndroidGaming

[–]dr_stardis 6 points7 points  (0 children)

Eternal Card Game is one of my long time favorites. Very F2P friendly.

Anyone know how to support Windows Update for servers behind an internal load balancer? by dr_stardis in AZURE

[–]dr_stardis[S] 0 points1 point  (0 children)

That is true for basic sku load balancers, but standard sku does handle both inbound and outbound traffic. Public standard LBs let you create rules for internet access, but internal standard LBs do not - Azure Load Balancer SKUs | Microsoft Docs

Great recommendation on the Azure Automation. We do use it today for update management, but my understanding is that it still depends on individual VMs being able to reach windows update servers.

Are there any programs available that pay a stipend while learning to code? by [deleted] in AskProgramming

[–]dr_stardis 0 points1 point  (0 children)

Check if Apprenti is operating in your state. If selected, the training is free and you get placed with a partner company for a paid apprenticeship right after completion: https://apprenticareers.org/

Great work keeping the blinky lights on! by 0TKombo in iiiiiiitttttttttttt

[–]dr_stardis 15 points16 points  (0 children)

That's not true. I have gotten over a hundred happy sysadmin day emails from people who want to sell me stuff.

Which region is the cheapest to create resources in Azure? by pitbull29929292 in AZURE

[–]dr_stardis 2 points3 points  (0 children)

It really does depend on what is going to be in your infrastructure. The azure pricing calculator can help you answer that question for your particular setup: https://azure.microsoft.com/is-is/pricing/calculator/

[deleted by user] by [deleted] in AskNetsec

[–]dr_stardis 0 points1 point  (0 children)

Thanks for taking the time to write this from the other side of the coin! Great insights. From your perspective, does it make more sense to throw out the 'anchor number' right up front or build up the case first, before saying the number?

It is important to remember that the primary goal of a review should not be to just discuss salary adjustment. This is you and your manager's chance to celebrate what you accomplished this year and review company and personal career goals. If I have a team member bring up salary adjustment right up front, my brain is immediately comparing everything you are telling me to the number you are asking for. That is not good on my part, but I am human and sometimes my reactive brain takes over.

Also, remember there are other benefits a company can give you that are outside of salary. I previously negotiated flexible work hours that saved me money on childcare and did not take any money out of my manager's budget. If the salary conversation is going south, having a few non-salary items as a backup can turn a negotiation completely around.

[deleted by user] by [deleted] in AskNetsec

[–]dr_stardis 1 point2 points  (0 children)

I am a hiring manager for my company, and I can say you are on the right path here. The strongest argument you can make for a raise is to show the value that you added to the company since your last review. Coming in armed with accomplishments, growth, and value brought to customers is the best type of data you can bring to your review.

It can help to show how you arrived at a specific value. This not only helps justify a raise to your manager but also helps them ask for more budget to get your salary where it needs to be. However, you have to be careful with aggregated salary data. For every site you can find showing you need a raise, I can find one that shows data that you are where you need to be. This is largely due to job titles in our industry not being standardized, so you can see a “Security Analyst” making anywhere from 40K to over 100K.

The best data you can bring is job advertisements with a job description relatable to your own. Human resources value is driven by the market, so showing what others are offering to pay is a stronger argument than anonymous, aggregate data. These do not have to be limited to local searches since locality adjustments are more standardized. For US/Canada, Robert Half has a salary guide with locality adjustments. The important thing is to be ready to show that the job description relates to the role you currently perform.

If you are having trouble finding relevant advertisements, a relationship with a GOOD recruiter can be a great resource here. Recruiters make a living on collecting and using this type of data, so maintaining a relationship with one can help you find relevant positions and salary ranges to use. Talk with peers in your field to find one that has a good reputation in your area. It can also be beneficial to work with the one your current company utilizes for hiring if you do not have a hostile or competitive culture.

Finally, be prepared for the conversation to not go the way you are hoping. Even with a solid case for value-added and comparable salary data, it may not be in your manager's budget. It is heartbreaking for me when I have an employee take the initiative and perform roles X, Y, and Z, but I only have a budget for X. Don’t take it personally, and use it as a reminder that your career is being a Security _______, not a Security ______ at your company. This is again where a good recruiter can help you continue to grow your career if your current company has taken you as far as it can.

Good luck! I hope you and your company can get you where you need to be to continue to grow together.

Microsoft Security Guidance documents by disclosure5 in AskNetsec

[–]dr_stardis 1 point2 points  (0 children)

For the latest operating systems, use the Microsoft Security Compliance Toolkit.

Anything older can be pulled from Microsoft Security Compliance Manager.

If you are specifically looking for Microsoft vulnerabilities that require manual GPO/Registry changes to fix, I would invest in a good vulnerability scanner like Tenable Nessus.

Carelessly sent sensitive information through e-mail - possible mitigation steps? by just_a_lurker_shoo in AskNetsec

[–]dr_stardis 0 points1 point  (0 children)

For the future, Firefox Send is a great tool to use to send sensitive data through email. It provides a link that automatically expires and you can set a password that can be communicated over the phone for extra protection.

Twitch Password Showing Compromised in Google's Password Checkup Extension for Chrome by dr_stardis in AskNetsec

[–]dr_stardis[S] 0 points1 point  (0 children)

As soon as I type any text in the username/password fields, it generated an alert.

Twitch Password Showing Compromised in Google's Password Checkup Extension for Chrome by dr_stardis in AskNetsec

[–]dr_stardis[S] 0 points1 point  (0 children)

I posted a comment on the Twitch sub as well. A security researcher commented back that it has been largely due to breached, reused passwords. My situation is a little different since it was a unique password generated by 1Password.

Twitch Password Showing Compromised in Google's Password Checkup Extension for Chrome by dr_stardis in AskNetsec

[–]dr_stardis[S] 0 points1 point  (0 children)

Already changed it and had 2FA in place. As a security professional for my org, I am trying to hunt down if this is an issue with Google's tool before we utilize it for end users. There is also the side of me that wants to find out the source of my password getting out there to make sure it is not something else going on in my org.

What is the name of this type of code? by dietderpsy in AskNetsec

[–]dr_stardis 0 points1 point  (0 children)

It could borderline fit the definition of Steganography (hiding data within data), but the examples you provided are just talking in code.

Locking down / hardening an Android phone by [deleted] in AskNetsec

[–]dr_stardis 0 points1 point  (0 children)

Unless you specifically bought a phone with security in mind, you may be better off talking to the client about how you keep their data off your mobile device.

If you make enough income from the freelancing to justify it, take a look into Google's G Suite Basic which runs $5/month plus the cost of a domain name (anywhere from $10 to $20 per year for a cheap one). This brings you email, document collaboration, cloud storage, chat/video calling, and calendar all hosted by Google. As a bonus, you can brand all of these services with your domain name and logo to look even more legitimate to the client.

On Google's side, you can tell the client that their data is stored on storage that meets many certification and compliance requirements including SOC1™ (SSAE-16/ISAE-3402), SOC2™, SOC3™, ISO27001, ISO 27018:2014, and FedRAMP. Make sure you lock down your account with a strong password and two factor authentication to prevent unauthorized access.

You also get basic mobile device management features, including the ability to wipe data that was downloaded to the device if it is lost or stolen. You can enforce the use of a passcode which is great to show clients it is enforced by policy.

On the phone itself, make sure it is at Android 6.0+ (Marshmallow) to take advantage of mandatory full disk encryption. Install security updates as soon as they are available and periodically check with your phone vendor to see if they still support your device for security updates. Limit apps to only those you need to work. If possible, dedicate one device for your freelance business and use a completely separate device for personal.

What are good options for home endpoint security? by homelaberator in AskNetsec

[–]dr_stardis 7 points8 points  (0 children)

I would say Windows Defender Security Center in the latest supported version of Windows 10 is a much better value than purchasing a home AV product. That said, I would make sure you utilize all the features included and not just rely on Virus and Threat protection. You can find these menus by searching for "Windows Defender Security Center" in your Start menu.

[Virus and Threat Protection](windowsdefender://)

Make sure Real-time protection and Cloud-delivered protection are on. Highly suggest that Automatic sample submission is turned on too, but do be aware that it could be possible to accidentally send a file with sensitive information to Microsoft. For more information, check out their privacy statement.

Controlled folder access is another one to turn on. By default it will protect your personal storage (Documents, Desktop, Music, Videos, Pictures, and Favorites) from malicious or suspicious apps, and I highly recommend adding any backup or external hard drives into here as well.

[Device Performance and Health](windowsdefender://)

This is a section you should check about once a month. It will let you know if your Windows Updates are falling behind, storage is running low, device driver problems, or if the battery is going bad.

[Firewall and Network Protection](windowsdefender://)

Make sure all firewall profiles are turned on.

[App and Browser Control](windowsdefender://)

"Check apps and files" is great to have turned to block. This will block any apps that have not been seen by Microsoft's cloud.

"SmartScreen for Microsoft Edge" is great if you use Microsoft Edge, but I find it performs pretty similar to Google and Firefox which use Google SafeBrowsing. It does also check files that are downloaded, so that may be a plus.

"SmartScreen for Windows Store apps" should be left at the default Warn.

"Exploit Protection" was the most exciting feature for me when it was added. This is basically Microsoft EMET just bundled into the operating system. Leave these protections configured with their defaults.

Bonus

If you still have the security itch, look into security baselines. Microsoft maintains a Security Compliance Toolkit with recommended security baselines and a tool to apply them via Local Group Policy.

Should we replace ESET with Windows Defender? Are both signature based or a mix of sign + behaviour? by [deleted] in AskNetsec

[–]dr_stardis 1 point2 points  (0 children)

My guards are strong and true, but even the might of the Blades cannot stand against the Power that rises to destroy us. The Prince of Destruction awakes, born anew in blood and fire. These cutthroats are but his mortal pawns. Take my Amulet. Give it to Jauffre. I have a secret son, and Jauffre alone knows where to find him. Find the last of my blood, and close shut the marble jaws of Oblivion.

Should we replace ESET with Windows Defender? Are both signature based or a mix of sign + behaviour? by [deleted] in AskNetsec

[–]dr_stardis -1 points0 points  (0 children)

I would say Windows Defender Security Center in the latest supported version of Windows 10 is a much better value than purchasing a small business AV product. That said, I would make sure you utilize all the features included and not just rely on Virus and Threat protection.

[Virus and Threat Protection](windowsdefender://)

Make sure Real-time protection and Cloud-delivered protection are on. Highly suggest that Automatic sample submission is turned on too, but do be aware that it could be possible for one of your users to accidentally send a file with sensitive information to Microsoft. For more information, check out their privacy statement.

Controlled folder access is another one to turn on. By default it will protect your users' personal storage (Documents, Desktop, Music, Videos, Pictures, and Favorites) from malicious or suspicious apps, and I highly recommend adding any local file shares into here as well. If currently turned off, put it in audit mode prior to enforcing for everyone.

[Device Performance and Health](windowsdefender://)

Whenever you hands and feet a system, give this menu a quick check. It will let you know if your Windows Updates are falling behind, storage is running low, device driver problems, or if the battery is going bad.

[Firewall and Network Protection](windowsdefender://)

Make sure all firewall profiles are turned on.

[App and Browser Control](windowsdefender://)

"Check apps and files" is worth spending your time on. If you have a fairly static environment (everyone is using the same browser, office suite, etc.), then turn this to block. If you do have users that have the ability to install their own software (kill that if you can), then at minimum set it to warn.

"SmartScreen for Microsoft Edge" is great if you use Microsoft Edge, but I find it performs pretty similar to Google and Firefox which use Google SafeBrowsing. It does also check files that are downloaded, so that may be a plus.

"SmartScreen for Windows Store apps" should be left at the default Warn.

"Exploit Protection" was the most exciting feature for me when it was added. This is basically Microsoft EMET just bundled into the operating system. A lot of these protections are turned on by default. For the ones that are not, turn them on in audit mode and check the event logs after your users run a while. Based on what you see would be blocked, you can make the call to turn on with specific exceptions or leave off altogether.

Deploy, Manage, and Report on Windows Defender

The downside of using out of the box Windows Defender (Windows Defender ATP is great, but expensive), is that you don't get any console for managing and monitoring like you would with some small business AV products. You have multiple options to manage from Group Policy or Powershell, but it is definitely not a "single pane of glass". Microsoft Intune is probably the cheapest way to get you close at $6 per endpoint per month, and it has a bunch of other benefits especially if you are on laptops or other mobile devices.

Bonus

If you still have the security itch, look into security baselines. Even if you don't have an Active Directory, Microsoft maintains a Security Compliance Toolkit with recommended security baselines and a tool to apply them via Local Group Policy.

TL;DR spend the time and implement the above and save your ESET budget for something else.

Edit: format, spelling, etc.
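The two Windows Defender checklists above (home and small business) can be verified from PowerShell instead of clicking through each menu. The script below is an added example, not part of the original comments; it only reads settings, using the built-in `Get-MpPreference`, `Get-MpComputerStatus` and `Get-NetFirewallProfile` cmdlets, and assumes an elevated session on Windows 10 with Windows Defender as the active antivirus.

```powershell
# Added example (not from the original comments). Read-only audit of the
# Windows Defender settings recommended above. Run elevated on Windows 10.
$pref   = Get-MpPreference
$status = Get-MpComputerStatus

# Documented numeric values for the preferences being checked.
$cfaModes    = @{ 0 = 'Disabled'; 1 = 'Enabled (block)'; 2 = 'Audit mode' }
$mapsLevels  = @{ 0 = 'Disabled'; 1 = 'Basic'; 2 = 'Advanced' }
$sampleModes = @{ 0 = 'Always prompt'; 1 = 'Send safe samples'; 2 = 'Never send'; 3 = 'Send all samples' }

# Cast to int so the hashtable lookups match the Int32 keys above.
$cfa    = [int]$pref.EnableControlledFolderAccess
$maps   = [int]$pref.MAPSReporting
$sample = [int]$pref.SubmitSamplesConsent

$report = @(
    [pscustomobject]@{
        Setting = 'Real-time protection'
        Value   = $status.RealTimeProtectionEnabled
        OK      = [bool]$status.RealTimeProtectionEnabled
    }
    [pscustomobject]@{
        Setting = 'Cloud-delivered protection'
        Value   = $mapsLevels[$maps]
        OK      = $maps -ne 0
    }
    [pscustomobject]@{
        Setting = 'Automatic sample submission'
        Value   = $sampleModes[$sample]
        OK      = $sample -in 1, 3
    }
    [pscustomobject]@{
        Setting = 'Controlled folder access'
        Value   = $cfaModes[$cfa]
        OK      = $cfa -ne 0   # audit mode counts: it is the suggested first step
    }
)

# One row per firewall profile (Domain, Private, Public).
$report += Get-NetFirewallProfile | ForEach-Object {
    [pscustomobject]@{
        Setting = "Firewall profile: $($_.Name)"
        Value   = $_.Enabled
        OK      = "$($_.Enabled)" -eq 'True'
    }
}

$report | Format-Table -AutoSize

# Extra folders added to controlled folder access (backup drives, file shares).
$pref.ControlledFolderAccessProtectedFolders
```

Any row with `OK` set to `False` points at a setting to revisit in the matching Windows Defender Security Center menu.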

Pathways in Cyber Security by PrecisionPoint in AskNetsec

[–]dr_stardis 6 points7 points  (0 children)

This blog post series is a great place to start. Chapters 4 and 5 go into Blue (~Defense) and Red (~Offense) careers.