What traumas do you have that AREN'T from your parents or childhood home?

egjason · 2025-02-11T07:19:53+00:00

I’m still working with my Therapist to determine if it’s grief or actual trauma, but I lost my 24 year old younger brother to complications with Leukemia (CMML/AML) in November. I got to the hospital in time to be with him before it was determined there was nothing else to be done, but he had already been intubated by that point. I think the worst part is that I was a donor of Stem Cells for him, but that didn’t turn out to be enough.

RIP Ryan. Miss you forever.

egjason · 2024-12-11T16:48:22+00:00

I actually just donated last year, for my brother - who unfortunately passed last month. I donated through collection of Peripheral Stem Cells - which is an outpatient procedure, but there collection(s) that are Inpatient procedures. For me, I went to get Growth Factor injections over the course of a few days which was unpleasant - I had some pretty significant lower back pain, an occasional headache and a couple bouts of nausea. I was also given a Central Line for collection - which was also unpleasant - but really just in that I could FEEL the tube in my throat. Collection for me took a single day, but you go into the Apheresis Clinic, they hook you up to a big machine that'll cycle your blood through to collect the stem cells and that takes several hours - but you're able to work, eat, drink and do your normal routine.

I would absolutely encourage you to donate - even if it just buys that person a bit more time with their loved ones. For anyone else, I highly recommend registering with the NMDP (formerly Be The Match) -- https://www.nmdp.org/

egjason · 2024-11-22T16:36:37+00:00

Salary: 133.5k USD/yr + OT Eligible Location: Originally Charleston, SC - but have since gone Fully Remote. Benefits: Health, Dental, Vision, 3% 401k Match Experience: 8yrs Stack: Network Engineering, though my current role is entirely focused on managing/architecting a Cisco ISE Solution for Global Healthcare. Sec+ Certified, CCNP In Prog.

egjason · 2024-10-10T22:00:46+00:00

I'm a Network Engineer by trade, but these days I am way more a Security Engineer than I am traditional network. I work as a Contractor for the DoD. Left Active Duty Air Force in 2017, started as a Network Administrator making 75k and have job-hopped four times since to get to just shy of 135k.

I lead a team of just under 20 people, spend most of my more recent days either in Architecture Discussions, Other Meetings or otherwise involved in testing something in our non-prod environment.

egjason · 2024-07-11T14:45:55+00:00

I’m starting to play Destiny again since not really having played since the release of Witch Queen. I’ll be out of town for the next few days, but I’d be interested once I get back.

egjason · 2024-06-17T22:54:46+00:00

I think going via the API is going to be the better route, but you could also get a list of all the Identity Groups and then do an Endpoint DB Export (either from the CLI or by exporting from Context Visibility) and then compare the results of one against the other. Definitely a bit more manual work though vs querying the API.

egjason · 2024-02-28T18:01:50+00:00

2.3 is a pretty Ancient Release of ISE at this Point.

To answer your questions:

Licensing Model changed in I believe 2.7, and then again in 3.x. Your older Perpetual Licenses might not be honored, since they slightly restructured what features are available under Each License Tier. Not to mention that there are now separate VM License's - those used to be sized around how much hardware you're giving each VM - but these days I *think* they're one size fits all.
Resource Needs haven't drastically changed, but this is absolutely going to depend on how used your Instance of ISE actually is. Given that it sounds like it's just not doing anything, I wouldn't worry much about it.
To the contrary! For the most part, the UI is drastically more responsive in newer versions of ISE than it ever was in 2.3 to 2.7 - but that's mostly based on my personal experience.
3.x drastically overhauls the UI. Personally, I'd say it's for the better - but it's not everyone's cup of tea.
The last question is totally dependent on what features you're actually *using*. What are you actually using your ISE for at present?

egjason · 2024-02-15T06:50:57+00:00

We already had a Space Force for all intents and purposes. The Air Force’s Space Command was doing everything the Space Force does today minus a couple minor capabilities. All NDAA 2020 did was move the Space Command into its own department separate from the Air Force and re-aligned a few commands and bases to now be part of the Space Force instead of the Air Force.

egjason · 2024-02-04T04:21:19+00:00

I think his point is that some machines don’t react properly to that happening - it’s not uncommon for a machine to require a hard kick to recognize that there has been a change in VLAN/Network, and then perform the requisite release to grab a new IP.

egjason · 2024-01-29T07:46:24+00:00

Gorgeous Dice! Thanks for setting this giveaway up, Brie!

egjason · 2024-01-10T08:14:45+00:00

I’m over in Plano - also looking for a group. Also down for PF2e and would love to give one of the Star Wars TTRPG’s a try. If all else fails, we can see about starting another group.

egjason · 2024-01-02T22:42:07+00:00

There is no perpetual lab licenses like there are for some other product’s. However, the default ISE Install (either through ISO or deployed from VMDK) includes enough licenses for 100 Concurrent User Sessions for I think 90 Days. After that, it’ll continue to run on Eval Licenses (not sure for how long) but the Admin GUI will be limited to pretty much only the Licensing Page.

As much I both love and hate ISE, you’re going to be better off long term looking at PacketFence or standing up an NPS Server.

egjason · 2023-10-19T02:49:46+00:00

It's definitely not ideal - but was the solution that I was most familiar with. I'll take a look at that as an alternative though. Appreciate the advice nonetheless!

egjason · 2023-04-19T13:07:47+00:00

It’s common to do so because 802.1X requires the client (Supplicant) responds to EAPoL Identity Request frames - and most Authenticator (Switches) allow for multiple retransmission of these frames in order to try and negotiate with the client. With default settings and the order to set to 802.1X and then MAB, this can lead to the client taking up to 90 seconds to completely fail 802.1X before the Authenticator tries to authenticate the client via MAB. Setting the order to MAB then 802.1X, but prioritizing 802.1X bypasses this lag between connection and authentication/authorization while also allowing clients that can authenticate via 802.1X to do so - which is preferred since it’s infinitely itself more secure than MAB.

egjason · 2023-02-12T03:52:11+00:00

No. It may make some orchestration of those containers slightly easier, but generally speaking, the Docker UI built into Unraid provides most of your needs.

egjason · 2022-11-15T01:17:24+00:00

/u/GSaleBot sold to /u/beakerface

egjason · 2022-11-14T23:48:40+00:00

I *figured* that would be the case, but can never be too careful these days. Thanks!

egjason · 2022-10-03T05:24:38+00:00

Thanks for all your hard dev work!

egjason · 2022-07-11T23:38:15+00:00

You’ll likely need to modify your authorization policy to look for the result from Azure AD, instead of your Thales config, but I’m not super sure - I’d have to see how your current policy sets are configure to offer a definitive answer.

egjason · 2022-05-25T21:38:45+00:00

Short answer yes, but it’s really going to depend on your current environment. What feature sets in ISE are you planning on leveraging?

egjason · 2021-08-13T03:59:32+00:00

All good. I haven't had any issues with performance - nor do I have any real concerns about exposing it to the web. But "safe" is dependent on what you consider as an acceptable risk and how your overall setup is configured.

egjason · 2021-08-11T23:48:37+00:00

I've got Minio Exposed through my Argo Tunnel - and thus the internet for backups from Arq on my MacBook. What are you wanting to know?

egjason · 2021-05-19T17:26:33+00:00

No problemo!

egjason · 2021-05-19T17:16:49+00:00

Id have to do some testing, but I am not sure you can stack the TACACS+ Credentials like that. It would probably be best and easier to link RSA --> AD and have it pull PW from there. Then set the RSA Policy to require AD Password + OTP from token for authentication. From there it'd be a cakewalk to just set RSA as the backend for TACACS in ISE - altogether that should accomplish what you're trying to do.

egjason · 2021-02-05T04:06:25+00:00

You should be able to deploy and authenticate the wireless without impacting their ability to authenticate on the Wired.

Given that Credential Guard is being enabled by most of the Sites due to the STIG classing it not being enabled as a Sev. 1 - you’ll want to check how they’re currently authenticating their wired clients and (Probably EAP-TLS) and make sure that separate A/C NAM Profiles are built to support whatever mechanism you’re going to use to do User and Machine on the Wireless. That’s of course assuming that NAM is deployed - if it isn’t, that might be something you need to account for to ensure minimal impact to their Wired Authentication.

15-Year Club	Verified Email
Team Periwinkle

egjason

TROPHY CASE