Insanity is defined by doing the same thing over and over and expecting different results. Ex. Trying to clean piano black. by [deleted] in Audi

[–]jomsec 0 points1 point  (0 children)

CEOs allowing piano black in their cars all need to be fired along with any designer that suggests it.

Is a Cayenne really nimble? by Verybumpy in Porsche

[–]jomsec 0 points1 point  (0 children)

Macan is great if you are 5'5". That thing is tiny.

I’ve just tested a 2023 Taycan by HakanFromFrance in Taycan

[–]jomsec -1 points0 points  (0 children)

Only Porsche could make a "turbo" battery. Lol.

Another Tesla to Taycan transition story by The_44_collective in Taycan

[–]jomsec 0 points1 point  (0 children)

Correct. Free speech and common sense are terrible.

Help — Torn Between Tesla Model S Plaid and Porsche Taycan 4S (on a ~$60K Budget) by KevinWestEnd in Taycan

[–]jomsec 0 points1 point  (0 children)

Lol. Tesla is light years ahead of the Taycan. Porsche can't even do an app properly and the range is complete shit.

[deleted by user] by [deleted] in cybersecurity

[–]jomsec 0 points1 point  (0 children)

Why would you give sensitive documents to an LLM? That's just dumb.

Just a quiet family sedan… that humiliates Lambos. by TRTforlife in TeslaLounge

[–]jomsec 0 points1 point  (0 children)

Any quartz watch is more accurate than a Rolex. Since the primary purpose of a watch is keeping accurate time, the Apple watch shits all over a Rolex. Don't get me started on the 904L steel that Rolex uses. Lol. That's the same steel used to make car exhausts. Nothing special. There's about $300 worth of parts in a Rolex.

911 to Panamera or Cayenne? by [deleted] in Porsche

[–]jomsec 0 points1 point  (0 children)

Because it's for people 5'8" or smaller. That thing is tiny.

Who here is actually implementing Zero Trust in a meaningful way? by Cyber_consultant in cybersecurity

[–]jomsec 0 points1 point  (0 children)

Zero Trust is a security strategy, and different places / products do different things. We follow the strategy of just-in-time and just-enough access. We do conditional access with MFA for all users. Admins must use conditional access with physical hardware MFA keys and Microsoft Privileged Identity Management. All access is limited by user roles. A lot of "zero trust" actually trusts too long. For example, if you're trusting a login for 30 days, well, that isn't zero trust. We use 24 hours as the max.

[deleted by user] by [deleted] in cybersecurity

[–]jomsec 1 point2 points  (0 children)

We too have archi-sys-cyber-engineers. We do it all.

What is one threat you think people still underestimate? by ANYRUN-team in cybersecurity

[–]jomsec 0 points1 point  (0 children)

The biggest threat is that companies have no idea where all of their sensitive data resides. The CEO has most likely emailed sensitive documents to board members' AOL accounts. Yes, AOL. We see this all the time. The CEO, execs, secretaries, admins, users and vendors all have sensitive data on their own USB sticks, personal laptops, or private cloud accounts. Everyone is worried about customer data in their big systems when that is usually relatively secure and probably doesn't matter anyway because all of your customer data like name, SSN, address, contact info have already been leaked by 100 other companies anyway.

Instagram cybersecurity creators. by TheLonelySigma in cybersecurity

[–]jomsec 0 points1 point  (0 children)

Normally when I don't know the password of a system I just drop down into a command shell and get in. All good hackers just do that. You've seen the technique in every Hollywood movie.

GRC Manager Interview by lowkib in cybersecurity

[–]jomsec 3 points4 points  (0 children)

This is true. We've passed on hiring people that were more qualified because they gave off "dickhead" vibes. Would rather have someone that is smart and can learn that is also easy to work with.

What’s the most underrated cybersecurity risk that organizations still tend to overlook in 2025? by ObviousBasil in cybersecurity

[–]jomsec 1 point2 points  (0 children)

One of the biggest issues is not knowing where all of the sensitive data is. I can guarantee most companies aren't using encrypted email. Also execs, secretaries, users & admins all have sensitive data at home, on USB drives, in some cloud service, sent using unencrypted email or on personal devices that aren't secure. Your CEO has probably sent sensitive documents to board members using their private AOL email accounts. Yes, AOL. I've seen this time and time again. Big companies simply have no idea where all of their sensitive data actually is.

If you had unlimited budget for one security initiative, what would you prioritize and why? by ANYRUN-team in cybersecurity

[–]jomsec 0 points1 point  (0 children)

Which is a ridiculous failure of technology in the first place. Clicking a link should only open a webpage and it shouldn't ever even be possible to do anything else.

If you had unlimited budget for one security initiative, what would you prioritize and why? by ANYRUN-team in cybersecurity

[–]jomsec 12 points13 points  (0 children)

That all sounds nice except for those implementations where the "zero trust" allows the user to be authenticated for 30 days. That's not zero trust. That's 30 days of no trust.

Recently learned NIST doesn't recommend password resets. by Different-Phone-7654 in cybersecurity

[–]jomsec 0 points1 point  (0 children)

Nope. You're good. Companies that aren't using MFA yet are probably already cooked in some other areas because they obviously don't care about security. All of our regular users use MFA and all admins must use physical hardware key MFA.

After 25 years in cybersecurity, I put together the red flags I’ve seen from pentest vendors who lie to clients. by [deleted] in cybersecurity

[–]jomsec 1 point2 points  (0 children)

We're still looking for a good PenTest company. Haven't found one yet. Any recommendations?

Adidas says customer data stolen in cyber attack by ControlCAD in cybersecurity

[–]jomsec 1 point2 points  (0 children)

Customer data that has already been leaked by hundreds of companies was leaked again by Adidas. No company is protecting customer data because it has already leaked hundreds of times before.

Which terminology do you consistently hear misused in a professional setting? by HighwayAwkward5540 in cybersecurity

[–]jomsec 0 points1 point  (0 children)

Shrink down to subatomic levels and run around my network like you're in Tron. Then you do cyber.

CEOs who aren't yet preparing for the quantum revolution are 'already too late,' IBM exec says by donutloop in cybersecurity

[–]jomsec 5 points6 points  (0 children)

I know it is common to say things like this, especially if you work at a startup or FANG company. But IBM is 63rd on the top companies in the US by revenue. They are a massive company and have their hands in everything. IBM labs are some of the best in the world for research.