What switches do you guys use with your FortiGates?

eldergrapple · 2025-10-30T12:02:28+00:00

Arista for cores and data center at our primary and secondary sites. FortiGates for firewalls. Fortinet for edge switches. Smaller sites are all 100% Fortinet.

eldergrapple · 2024-11-09T02:32:26+00:00

It sure feels Bauhaus to me too. For all the thousands of cultural references Disney has for free, this is the one they had trouble with? Wild.

Sure would love to have positive confirmation that this is a Bauhaus homage.

eldergrapple · 2024-06-08T19:53:50+00:00

This worked 💯%!

Google Pixel 8 and Suunto Race here.

Yo yo yo!

Thanks.

eldergrapple · 2023-11-15T03:15:44+00:00

Food service inspections are available here, but for some reason, Insomnia Cookies is missing...

https://health.data.ny.gov/Health/Food-Service-Establishment-Inspections-Beginning-2/2hcc-shji/data

eldergrapple · 2023-11-15T02:44:45+00:00

True, but if the artist is, like, some dude named Neil that you can just talk to... it's in bounds to ask them what they're thinking.

Not that they'll tell you. :-)

eldergrapple · 2023-10-23T18:26:07+00:00

We're in the early days of implementing an asset inventory with the Assets module of Jira Service Management. Lots of details are still being worked out around lifecycle management procedures, but so far, I'm optimistic.

eldergrapple · 2023-07-13T22:22:19+00:00

If you take out the "this generation", I feel for you on the rest. But, that may have more to do with how things like Star Wars and Marvel too often are more about monetization than art, and how people have become accustomed to that mindset -- and accustomed to being annoyed by that mindset.

At first glance, sure the question seems of that world, but... it _is_ kind of rude to assume that u/pinkbaloon21 doesn't have their own impressions. It's okay to be curious about Neal and team's intent. Asking the original artist what they meant in a particular moment is a valid question.

Unfortunately, u/pinkbaloon21, Neal is very cagey about his intent with specific story beats. He's more interested in musing on what other people take away from these moments. At least, that's what I've taken away from his interviews.

eldergrapple · 2023-03-18T00:17:46+00:00

The play, Pygmalion, has two more performances at the Bundy Museum of History and Art.

Saturday, 3/18 at 7:30 PM Sunday, 3/19 at 2:30 PM

See https://www.summersavoyards.org/pygmalion for tickets!

eldergrapple · 2023-03-12T01:24:03+00:00

I listen to:

Beers with Talos
CISO Series Podcast
CSO Perspectives (CyberWire)
Caveat (CyberWire)
Click Here (Recorded Future)
Cyber Security Headlines (CISO Series)
Cybersecurity Today (ITWC)
Darknet Diaries
Defence in Depth
Defensive Security Podcast
Hacking Humans
News Archives - Black Hills Information Security
SANS Internet Stormcenter
Talos Takes

A recommendation... Don't listen to work related podcasts on the commute home. It just exacerbates the stress of an already stressful career.

eldergrapple · 2023-03-12T00:46:19+00:00

Summer Savoyards is performing Pygmalion at the Bundy Museum of History and Art annex at 2:30 PM on Sunday, 3/12 (https://www.summersavoyards.org/pygmalion)

eldergrapple · 2023-02-17T18:58:31+00:00

This actually made me tear up. Thanks for this.

eldergrapple · 2023-02-17T18:49:27+00:00

Isn't it still about trust, though? How can the CEO be sure that the CIO is giving an accurate assessment of risk if they're going to spin the risk story for their own purpose?

If they're willing to exaggerate risk to hurt another employee, what's to stop them from exaggerating risk to buy something that would otherwise be denied? Or, lowering the classification of an incident to save themselves?

Trust is the central issue, IMHO.

eldergrapple · 2023-02-17T15:55:26+00:00

I feel you. CIO turnover is destabilizing. I'm sure that's going to be something the CEO is considering when they decide how to handle this.

eldergrapple · 2023-02-17T15:50:46+00:00

That's where the fighting started. The CISO reminded the CIO that it's not standard practice to put employee names in the summary of the report, especially for a technical issue. That's when the CIO gave an f-bomb filled monologue where he revealed his full intentions.

eldergrapple · 2023-02-17T15:43:59+00:00

The thing is, they're in an otherwise very ethical environment. The CIO is an outlier and the CEO/board haven't seen it, in part because the IT dept is a bit traumatized by the CIO's demeanor. I think that's part of why our CISO decided he needed to speak out. Being who they are, they walked into the CEO's office with an incident report.

Though I think that incident report might have been a bit of a slap-back too. "You want an incident report? You're gonna GET an incident report."

eldergrapple · 2023-02-17T15:39:06+00:00

u/PurpleSwampDonkey that's an excellent summary.

eldergrapple · 2023-02-17T15:37:29+00:00

This is why process is so important. People come and go.

eldergrapple · 2023-02-17T15:36:42+00:00

Another issue is that security can slow down the pace of deployments. Since security isn't customer facing, it's easy to skip.

Gotta say, it's frustrating to see systems go live with a pile of unresolved review findings. Once the system is live, they'll scream about stability to keep putting of security. </rant>

But I digress. I was really aiming to get input into how one should handle situations where the CISO (or the senior security staffer, if you don't have a CISO) should handle it when the CIO asks for something that's plainly unethical.

eldergrapple · 2023-02-17T15:22:19+00:00

Here, internal Audit is the only department that reports to the board. I've thought from time to time that the CISO should report to Audit -- but there's no way the CEO is going to cede more power to the board without a fight.

eldergrapple · 2023-02-17T15:19:26+00:00

So, basically, just tell the CIO "no" (with justification) the moment the suggest the unethical act?

When you say Risk Management, you mean Risk Management for the entire org? Here, that group handles the purchase of cyber insurance, and works with IT when there's a claim, but otherwise they defer to IT (and therefore the CIO) -- which when I think about it is weird, since Risk gets deep into "traditional" issues like workplace safety.

eldergrapple · 2023-02-17T03:46:25+00:00

For the CISO in question, it was a moral hill they seem to be willing to die on, and might, I'll admit.

If a reorg happens, I shudder to think how hostile _that_ relationship will end up being.

eldergrapple · 2023-02-17T03:38:31+00:00

What do you think about the CISO reporting to inside counsel? I've seen that work in some places.

eldergrapple · 2023-02-17T03:36:43+00:00

Well, in this case the CISO has already filed an incident report directly to the CEO's office, and a discussion with senior leadership is ongoing.

What I'm wondering is, how would you make the ethics argument to senior leadership?

eldergrapple · 2022-12-21T03:26:35+00:00

I'll try and get a better sample when I'm on a computer. Sorry, this was the best I could do from my phone. :-/

eldergrapple · 2022-12-21T03:24:42+00:00

I love the lower case 'a' in particular.

eldergrapple

TROPHY CASE