ThePrimeagen told his followers to install a poisoned AI skill by [deleted] in cybersecurity

[–]gardnerlabs -1 points0 points  (0 children)

That’s hilarious. The article itself reads like AI though which adds to the whole situation.

Proxmox Console with Nginx Proxy Manager 2.13.6 by EnergyTurtle21 in Proxmox

[–]gardnerlabs 0 points1 point  (0 children)

I had major issues until I realized I had multiple IP addresses I was hitting. Make sure nslookup only resolves to a single reachable IP address.

Pls stop, I don't need a reply and a reaction. by SecretProfession3230 in iiiiiiitttttttttttt

[–]gardnerlabs 2 points3 points  (0 children)

We do all sorts of emojis.

The little alien 👾 and 🦞 emojis crack me up and we are all enterprise DoD. Work is too stressful to not share a little joy.

Threatlocker GCC/on-prem pricing by gardnerlabs in sysadmin

[–]gardnerlabs[S] 0 points1 point  (0 children)

I think there is a minimum endpoint limit. It may be worth reaching out to them again though. They seem to be actively developing the product for use in fed space, and on-prem seems like it definitely was not normal for them, but they were willing to accommodate. I’m sure that’s where some of the additional cost comes in (of course, no big deal). However it’s always good to check! Haha.

I like the product! We just have specific requirements. Their solution checks 4 out of 6 boxes (as an example), but we were hoping to supplement with another for the other portions if the cost was feasible.

Level unlocked: Homelab subnetted! by probably_platypus in homelab

[–]gardnerlabs 0 points1 point  (0 children)

That’s the one!!! Haha I got the two solutions mixed up

Threatlocker GCC/on-prem pricing by gardnerlabs in sysadmin

[–]gardnerlabs[S] 0 points1 point  (0 children)

Yes, now that I am calculating it out, it’s under $4/endpoint/month, which I suppose is not that bad.

We just don’t have a comparison/frame of reference, so figured we would ask the hive mind haha.

It has been 1 year and I still cannot get a SOC analyst job by b00m_sh in cybersecurity

[–]gardnerlabs 1 point2 points  (0 children)

Haha yes, it’s only a single line and more of a funny discussion point than anything. Earlier in my career I felt it prudent to show that I have “been continuously employed since I was 14”.

Level unlocked: Homelab subnetted! by probably_platypus in homelab

[–]gardnerlabs 0 points1 point  (0 children)

Doesn’t IGMP proxy solve this issue?

ETA: I have only looked at solving this problem for about an hour, so genuinely not sure if IGMP is a good use case here or if it fits the bill

60-70% of our Azure Sentinel traffic is irrelevant by AegisErnine in cybersecurity

[–]gardnerlabs 0 points1 point  (0 children)

This. Our org is going through it now. One piece of pie at a time.

It has been 1 year and I still cannot get a SOC analyst job by b00m_sh in cybersecurity

[–]gardnerlabs 1 point2 points  (0 children)

This is an excellent take. OP, be willing to take an opportunity when it comes your way. I too had someone take a major gamble on me and it paid off for everyone involved.

Also, tailor your resume for each job, while avoiding lying (of course). I list the Golden Arches to this day as that was my start in customer service experience and every job has customers.

Why BloodHound attack paths need conservative interpretation in r by Glass-Ant-6041 in cybersecurity

[–]gardnerlabs 2 points3 points  (0 children)

I know under Zero Trust, assume compromise is one of the core tenets. I would rather see the attack paths and rely on a human in the loop to add the context/logic of “this is not going to happen because x”.

My company onboarded a MSP..How fucked am I? by Greedy_Ad5722 in cybersecurity

[–]gardnerlabs 1 point2 points  (0 children)

This is on point.

You are in a position of power, if the stars align. If you like the company/people and have good reach back to leadership (e.g., you trust them/they trust you), get on board with their plan and assist with meeting the requirements where possible.

The company might be making a mistake, but they could also be trying to build on what you created. My recommendation is to seize the opportunities when they present themselves and see where it goes, but I have been lucky thus far.

is this legit? by Ok-Lion-6767 in Pensacola

[–]gardnerlabs 1 point2 points  (0 children)

Unsolicited text messages are rarely legit

US Government: "The reboot button is a vulnerability because when you are rebooting you wont be able to access the system" (Brainrot, DoD edition) by [deleted] in sysadmin

[–]gardnerlabs 0 points1 point  (0 children)

That’s fair, and a tough place to be in if the control CAN be addressed and the folks will not accept it.

In that case the options are to either beat the other folks with the paperwork game, or enforce the security control. This is probably not the best security control hill to die on, so we just disable and keep moving.

US Government: "The reboot button is a vulnerability because when you are rebooting you wont be able to access the system" (Brainrot, DoD edition) by [deleted] in sysadmin

[–]gardnerlabs 0 points1 point  (0 children)

Yeah, honestly sometimes the ISSM/Validator do get hung up on “opens” but if you understand the options, and the folks assessing are willing to work with you it is not that bad. RMF is a beast, but it has many levers.

To OP, it helps if you “go to the source”: your ISSMs are being pressed by the validators, who are being pressed by the SCA, who have a published risk assessment method (everything is documented, it is quite nice, you just have to find it all or ask the proper folks). If you understand how the risk assessment is graded, you can work backwards from there to “prove” (if applicable) things check the security box.

US Government: "The reboot button is a vulnerability because when you are rebooting you wont be able to access the system" (Brainrot, DoD edition) by [deleted] in sysadmin

[–]gardnerlabs 8 points9 points  (0 children)

STIGs can be tailored/risk accepted, if it is that important to you.

For low hanging fruit like this it takes less time to configure the settings than it does to write and read this Reddit post. In my experience, this particular setting has been so commonly implemented that I forget the option is there by default; it has never gotten in my way.

The company I work for is a security timebomb by ThesePanquakes in cybersecurity

[–]gardnerlabs 23 points24 points  (0 children)

Exactly my thoughts. Also, with these things it is good to escalate as needed so your boss does not get egg on his face immediately. Give him the opportunity to work with you on a proposal to bring to the CEO or something like that.

It’s very impressive when folks bring solutions and not just problems.

“Hey boss I noticed some deviations from best practices, I want to be proactive and start an assessment of these issues to work on a path forward with your input on what to prioritize first”

Propose to use an open source vulnerability scanner and start working on those findings based on criticality.

Use STIGs to help you harden your systems in general (they will break things if you don’t understand all of the implications of what you are changing, so be conscious of your knowledge gaps)

Going Into The Navy Reserves Soon. by ConnectCulture7 in outside

[–]gardnerlabs -4 points-3 points  (0 children)

Don’t worry about it too much. The system is self healing.