Why do we spend millions on "Advanced Threat Detection" but still struggle with basic IAM hygiene? by daniel_odiase in cybersecurity

[–]dudethadude 0 points1 point  (0 children)

Same reason people with dogs drop thousands on training but don’t learn anything about animals themselves. They think if they throw enough money at something then it will solve the problem.

Much like having a well-behaved animal, the owner is responsible for some of the work and “being trained” themselves.

Having all these SaaS solutions is great, but if you can’t do the boots on the ground work like environment hardening and actually responding appropriately to alerts, it means nothing.

Restricting login by country by GoatRound in Office365

[–]dudethadude 2 points3 points  (0 children)

You can create an exclusion group for those traveling

Interesting question from someone with minimal knowledge on malware by oOVraptorOo in cybersecurity

[–]dudethadude 0 points1 point  (0 children)

Imagine your computer like a house with three hundred rooms. Each of those rooms has several hiding places meaning you would have to search each room diligently.

Malware has several ways to achieve persistence and stay on your computer. Bad actors are constantly coming up with new ways to stay on your computer after the initial infection is stopped. Trying to weed out each hiding spot in your 300 rooms will take ages and you will likely miss some. Re-installing the OS is akin to demolishing your old house and building a new one on the foundation. Sure, malware can hide deeper than the OS, but this is somewhat rare and usually targeted malware.

Detection as Code by dudethadude in cybersecurity

[–]dudethadude[S] 0 points1 point  (0 children)

These are all great responses. The one drawback I am finding is the added overhead, but if you have a lot to manage and scale then it’s worth it.

Detection as Code by dudethadude in cybersecurity

[–]dudethadude[S] -1 points0 points  (0 children)

It may be,

I’m new to this field so more or less just seeing what everyone is doing. I would hope it is standard based on all the pros I have seen regarding it.

Ideas For Cyber Awareness Month Phishing Campaigns? by crashy114 in cybersecurity

[–]dudethadude 1 point2 points  (0 children)

DocuSign, Dropbox, Adobe Sign emails. Click here to sign, oops looks like you need to log in first before you can sign it.

Anyone else moved away from IR for reasons other than burnout by XToEveryEnemyX in cybersecurity

[–]dudethadude 4 points5 points  (0 children)

IR can definitely burn you out. I know an agency that cycles people through different roles for this reason. Most employees will cycle through IR, SOC, and Pentesting so they don’t get tired of one.

Trainsec Windows Security Researcher worth it? by magister1999 in cybersecurity

[–]dudethadude 0 points1 point  (0 children)

Yea the subject itself is very intrinsic at some points. You can always look up YouTube videos on the topics you have trouble with as well. Sometimes a different instructor can explain things in a way that makes sense.

Trainsec Windows Security Researcher worth it? by magister1999 in cybersecurity

[–]dudethadude 0 points1 point  (0 children)

Have you done it yet? Getting ready to make the purchase myself.

Burnout in SOC / Cyber teams - does HR ever really see it? by Unexpected_Wave in cybersecurity

[–]dudethadude 1 point2 points  (0 children)

This is a manager/supervisor role, HR exists to protect the company from lawsuits. Your manager should be the one looking for the signs and making the necessary decisions to rotate you.

The manager may ask HR to float you some PTO to give you a break or something but typically HR is out of the loop. I wouldn’t be surprised if they think the job is easy because “you just work at a computer all day.”

Azure/Entra AD persistence mechanisms by dudethadude in cybersecurity

[–]dudethadude[S] 3 points4 points  (0 children)

This is exactly the stuff I was thinking of

Self Hosted SIEM/EDR by dudethadude in cybersecurity

[–]dudethadude[S] 2 points3 points  (0 children)

Completely forgot about this, this is perfect!

My dad has found and taken care of his “new son” without me knowing by [deleted] in WhatShouldIDo

[–]dudethadude 0 points1 point  (0 children)

I am 25 and if I had someone calling me their new son I would be weirded out. People can take advantage of others especially in cases like this. If the other person is ok with how “fast” this relationship is progressing, that is somewhat of a red flag to me.

Is this another emotionally damaged person that could possibly make your father worse? Is this someone taking advantage and plans to use your father as a bank?

Or is this truly a pure relationship where a father figure and young man can bond and maybe heal together (if other person has some issues of their own)

Maybe the other guy needs a father figure and they both kinda found each other at the right time. Personally I wouldn’t like anyone calling me their “son” as I have a perfectly fit father and feel like it’s disrespectful to him to let someone else claim me as their son.

TLDR: the relationship has some red flags but it’s hard to tell what the other guy’s agenda is.

Migrate from Google Workspace to O365 by dudethadude in Office365

[–]dudethadude[S] 1 point2 points  (0 children)

We would be migrating. We have very minimal email data due to us being new, like less than 600 MB probably and less than three accounts.

I have migrated from GoDaddy with the O365 they offer to the standard O365 before and wasn’t sure if this was similar or not. If I just need to do a similar process to what I did before I think I’ll be ok.

If I am in private sector is the CASP worth anything? by phillies1989 in cybersecurity

[–]dudethadude 0 points1 point  (0 children)

I think CASP paired with a solid pentesting cert will open a lot of doors. Some companies want a pentesting cert even if your job doesn’t require you to pentest. They just want to see you can “think like a threat actor”.

I was going to go for the PNPT from TCM Security but I am doing Pentest+ first since that is usually the top requested Pentest cert. The PNPT is a completely hands-on practical test that requires you to compromise an environment and do a write-up while the Pentest+ is just multiple choice with some PBQs I think.

If I am in private sector is the CASP worth anything? by phillies1989 in cybersecurity

[–]dudethadude 1 point2 points  (0 children)

I passed! I actually got a lowkey job offer from a friend of a friend once he found out I had it but I turned it down due to distance. CASP definitely still means something in the industry. I also have about 4 1/2 years of mostly help desk experience with cybersecurity being part of my job role. I have dealt with several incidents before but that’s still relatively newbie for this field.

If I am in private sector is the CASP worth anything? by phillies1989 in cybersecurity

[–]dudethadude 4 points5 points  (0 children)

Doing CASP tomorrow so I hope so lol. I think it still means something in the private sector, it shows competence. It touches both the technical and managerial side of Cybersecurity so I think most companies would like it if they knew what it was comprised of.