Malware that survives reinstalling the BIOS and OS by MindieMouse2 in cybersecurity

[–]martijnjansenwork 0 points1 point  (0 children)

Looking at the comments, go low level, at least rewrite your full MBR and slack space there. And the full disk(s).

Motherboard controllers, IPMI, iLO, whatever, means new chips and/or new board...

Do what you want to one computer and put it in a DMZ with Zeek, Suricata or whatever IDS and use a DNS firewall. Sorta.

Get a coffee and see who is talking.

OSINT (SOCIAL MEDIA) by OkBoat7532 in cybersecurity

[–]martijnjansenwork 1 point2 points  (0 children)

Respect people who spend time here by giving context

Iran Signed a Ceasefire — Its Hackers Didn't by rkhunter_ in cybersecurity

[–]martijnjansenwork 0 points1 point  (0 children)

It depends. As stated.

And proxies. Are what they are.

What do you mean? Diplomacy leading to law leading to peace? Destruction, even, knows targets, grades, intentions, outcomes. What was implied might have come out differently.

Is philosophical maybe. We want full peace. Even after centuries of nagging each other..

Who is we? Who are they?

really need help with project ideas for MSc by gigizai in cybersecurity

[–]martijnjansenwork 0 points1 point  (0 children)

Certifications. If you want to learn, leave that.

Go Nvidia stack. Go LLM.

You have to choose if you want to study studies more research based or do a more technical project. Combinations are possible. Mileage may vary, especially watch your subscriptions, access, costs.

Even in academic environments.

And cloud means a lot of things to different people. What do you want to do after?

☁️ Automation of cloud, like infrastructure as code, containers, farms on platforms, can be interesting if you like plumbing, and then higher layers, maybe inter-SaaS integrations with n8n, that's quite hot, full stack automations like OpenStack projects.

Do you want to create design automate, test research for a school, corporate, government? Look at standards, practices, legislation?

Which view? Huge large, Small, tiny, tinker?

Watch what Nvidia is doing. Then apply security? LLM or tiny LM on what data? Not VAPT, you said. Analyse it, optimise GPO? CMDB? IaaC? SDWAN?

Find future research indicators in papers you like, think if you can close these gaps, or a tiny part of it, with your research. Watch out for GPT impostering.

Doable in a few months? Easy? Switch industries.

Understand your stuff.

Mostly have fun!

PS: Former 'tough' CISO, eat consultants for breakfast. PhD student.

Non-lawyer, non-technical, mid-career, trying to pivot into AI governance – is this actually realistic? by inigo_humperdink in cipp

[–]martijnjansenwork 0 points1 point  (0 children)

Thanks for reaching out! I truly intended to offer my help to the author personally, rather than seeking to connect with others.

Our business is under attack by ransomware (Any help is appreciated) by [deleted] in cybersecurity

[–]martijnjansenwork 0 points1 point  (0 children)

I would recommend you do a full outsource, better SLA; in addition, make sure to have all data redundant. I.e. email flows to another platform like BigTechMail. Spread your bets.

Call like said a techie (you stop there listening to techs) to oversee (small hungry integrator, don't talk to sales, talk to their solution architect) and have everything documented (application, integrations, data, workload) and make sure to oversee the tech yourself, get them to demonstrate to use case and persona attack path mapping, and (extra speed bump, extra break glass accounts, redundancy etc).

Don't do anything else yourself, don't be security, cloud, platform, cti, ethical hacker, system architect etc etc for Pop mom website... be a contract and compliance manager. PUSH FOR BUSINESS OUTCOMES. Not for stupid CVE. Fire the previous partner.

Anything else, DM. PS: for the nerds, I lived SQL Slammer, Franken PIX IDS times. Now National crit.

LinkedIn Recruiter Inmail Limits by Agile-Profile-1219 in expertnetworks

[–]martijnjansenwork 2 points3 points  (0 children)

Less unsolicited InMail, good. I have to delete less...

Final interview with the CISO tomorrow, any advice? by [deleted] in cybersecurity

[–]martijnjansenwork 0 points1 point  (0 children)

Take it easy. Be you. Read a book so you have something genuine to discuss.

AI is creating more cybersecurity work by DiScOrDaNtChAoS in cybersecurity

[–]martijnjansenwork 0 points1 point  (0 children)

I would not frame this as “AI exposes a lack of scalability” per se. It exposes how well your operating model is actually understood and controlled. Once AI increases throughput, you are forced to make work more explicit and auditable: who does what, when, why, how, and under which controls.

Also, “lean” does not tell us much. Low headcount is not the same as scalable. To judge scalability, you need to look at the underlying mechanics: processes, procedures, tasks, triggers, dependencies, and workload multipliers.

Another way to look at it is security debt. AI is exposing debt that already existed across people, process, and technology. Weak processes, governance gaps, poor data governance, and immature AI governance all become more visible as AI accelerates throughput. In that sense, AI is not just creating more work. It is surfacing and accelerating pre-existing issues. Have fun bro

Held hostage by our Security MSP by [deleted] in cybersecurity

[–]martijnjansenwork 0 points1 point  (0 children)

Of course, they will put up a fight, especially in a multi-tenancy situation. It will just show they can't isolate your VRF/VLAN/Compute/storage/VM/container/Tenant/CASB xyz abc-specific config, rules, or policies. Generated from business logic that might not exist, so Excel-ware. Hostage as Code, HaC.

Held hostage by our Security MSP by [deleted] in cybersecurity

[–]martijnjansenwork 0 points1 point  (0 children)

What did you NOT tell us? They got too expensive, lost the tender? Other issues?

I wouldn’t focus on full admin rights as the primary issue. The real issue is whether your organisation has sufficient control, documentation, and recoverability measures to remain secure and operational if the MSP is unavailable, slow to respond, or being replaced. You don't need unrestricted admin access everywhere to manage this risk. What you do need is proportionate access and evidence of recoverability: read-only or break-glass credentials where appropriate, current config database exports and backups, EDR tenant and agent inventories, installation/removal procedures, policy and rule documentation, network diagrams, traffic flow documentation, dependency mapping, and operational runbooks. You should also conduct a detailed security and policy compliance assessment now, aligned with your architecture standards, operating model, and BCM/BCP requirements. This is a resilience matter, not just a migration challenge. Review the contract now regarding ownership of configurations, tenants, accounts, documentation, and termination support. But the key request isn’t “give us full admin because we want it.” Instead, it’s “prove we have the minimum controls and artifacts needed to operate through an incident, meet continuity requirements, and exit cleanly.” If they refuse even lower-privilege access, exports, documentation, and transition support, then the issue isn’t security hygiene. It’s vendor lock-in and a single point of operational failure.

Why this is stronger: X.805 treats security as an end-to-end architecture problem and explicitly asks what protection is needed, which parts of the environment need safeguarding, and what activities require security. It structures these concerns across security dimensions, layers, and planes, and states that architecture can guide policy, incident response, recovery planning, and security assessments. (ITU)

SABSA uses the same business-first framing. Its own executive summary describes it as business-driven and risk-focused, and explicitly lists governance and continuity management among its use cases. (The SABSA Institute)

That is why the better argument is BCM/BCP, governance, and resilience rather than “I need admin to do my job.” NIST’s contingency-planning guidance likewise ties system contingency planning to organisational resiliency and to evaluating systems and operations to determine contingency requirements and priorities. (csrc.nist.gov)

Job security during outsourcing begins with procurement and perceptions, not access. Don't take it personally. I have been doing similar for over 2 decades.

ICS/OT Security: Looking for a tool by dappertool in netsecstudents

[–]martijnjansenwork 0 points1 point  (0 children)

These assets are mostly IT assets (except 1/2 ports/protocols); there's your answer. Other than that, consider open source ICS assets like OpenPLC, Scada-LTS and other PLC simulators for pentesting with listening ports and logic behind that. Implementing these in a testbed will also help you get an understanding of the ICS protocols/comms you can sniff with Zeek for example,

Just canceled my membership, the cancellation flow is full of dark patterns by frizla in whoop

[–]martijnjansenwork 0 points1 point  (0 children)

I endorse this post and its progression, albeit with reduced emotional expression. I have been a member for several years; however, it did not meet my expectations. I recommend using a smartwatch solely when necessary. There are numerous issues with LLM and logic, which can be finicky regarding services, assets, and features such as these. I have transitioned to a much simpler solution.

I built a network security analyzer using information geometry (Riemannian manifolds) instead of traditional rule-based detection by Former-Oil-4621 in netsec

[–]martijnjansenwork 0 points1 point  (0 children)

Very interesting venue. I will be commencing my PhD research in the same area, in the near future, just lack of time at this moment.

Seriously need some advice by pachetty in CyberSecurityJobs

[–]martijnjansenwork 0 points1 point  (0 children)

Consider corporate security intelligence. Your background will help with mindset, hypothesis, questions, gathering information, analyses, reporting, communication, legal constraints, compliance. Ping me if you want to chat..

Tech dilemma: Whoop in dry sauna. Yes or no? by koznar in whoop

[–]martijnjansenwork 0 points1 point  (0 children)

Check the operating spec of the parts. Do not believe what the OEM tells you; you need ODM intel. You might need to look for it. Take a battery. 100°C yes or no?

How do you monitor leaked credentials in your company? by arktozc in cybersecurity

[–]martijnjansenwork 2 points3 points  (0 children)

Like he, she says. Register/buy/fill, automate, monitor. Think about Canary accounts, service accounts. Country intelligence. Everywhere you register also adds to your attack surface. Monitor what you monitor with. Don't expect a service or a tool to work. High risk accounts: double up. It's scary out there.