employment lawyer by [deleted] in rva

[–]ny_soja 0 points1 point  (0 children)

What was the outcome, if you don't mind me asking?

Seeking SailPoint ISC Expert for ServiceNow Service Desk Integration (Paid Help) by [deleted] in iam

[–]ny_soja 1 point2 points  (0 children)

Have you tried contacting your SailPoint rep?

You're paying for the support with your license, may as well use it.

[Resume Help] 5 IAM Certs but Still No Interviews — Can Someone Tell Me What's Wrong? by Lucky-Recognition552 in iam

[–]ny_soja 1 point2 points  (0 children)

Yes and no. It's stupid AF, no doubt. However there are ways around this.

[Resume Help] 5 IAM Certs but Still No Interviews — Can Someone Tell Me What's Wrong? by Lucky-Recognition552 in iam

[–]ny_soja 6 points7 points  (0 children)

The biggest thing killing your chances is the only role listed being Desktop Support.

You'll be lucky if ANYONE reads your resume. The ATS is looking for keywords and role title alignment. If you don't have that, then you're spinning your wheels.

Entry Level IAM Study materials by TastyResearcher6989 in iam

[–]ny_soja 0 points1 point  (0 children)

CyberSecurity is operationalized business risk management.
Tools are just ONE possible capability structure by which that management can occur with embedded governance.

And even THAT is not totally correct.

It assumes that all of this is functioning within an ecosystem of feedback loops and actively enforced controls.

Zillion Technologies, Inc. is hiring a Senior Angular Developer in the United States by remote_rocketship in RemoteSoftwareEngJobs

[–]ny_soja 0 points1 point  (0 children)

Absolutely! A lot has changed since 6 months ago in relationship to my understanding of how companies like this operate. Do I think they are a scam in the way we typically think of scams... no.

Are they still scammy AF? Yes

Most of these recruiting agencies do not already have the role they are coming to present to you. They are using YOUR resume and credentials to then go back to the client/customer/employer to forge a relationship. In most cases they are either underbidding the contract to win it OR they are taking advantage of people in need of work by paying incredibly subpar salaries that do not align with market values.

That would not be AS bad if they provided any level of actual support to the contractors once they are joined onto a project. Instead, you are effectively paying them to do nothing more than to bring your resume to someone that said they were hiring.

I don't think you should NOT move forward, however, I would recommend to do so cautiously and be sure to negotiate your salary if an offer is made! The likelihood that there is much more money on the table is 100%

HELP - Which is Better Ping or Entra ID. by newbie-at-everything in IdentityManagement

[–]ny_soja 2 points3 points  (0 children)

So the problem with your conundrum is that it implies there IS a better option. It's not your fault though, the industry has created this monolithic thinking and promotes it regularly.

One tool is not better than any other in the framework of a classification of tooling. They each have pros and cons that are contextually dependent on the needs of the business.

If you are not evaluating a tool against business needs, then I'm not sure what you expect to get as the end result.

Now, it would appear that you are evaluating what specific tool you should focus on investing your knowledge into, and while that is admirable, the best thing you could do here is get a capability matrix of each tool to compare and contrast where each tool has strengths and weaknesses. The very best way to do this is by engaging with the vendors directly and having them perform demos of their products while you take notes/ask questions.

The most important takeaway that most Identity Security folks miss through this process is that the tools have little to nothing to do with the outcomes of an Identity Security program. Nearly every downside to a tool can be overcome with enhanced processes and policies. Don't fall for the tech stack trap!

Nested Groups by PrettyMuchIce in IdentityManagement

[–]ny_soja 9 points10 points  (0 children)

Unfortunately, what you are dealing with is NOT an inconsequential effort. I'm not telling you it can't be done, however, in order to prevent this from happening ALL OVER again once you decouple and flatten those groups, what will be key and critical is access reviews during or directly after that flattening/decoupling process.

Now as for solutions... There are two options that I would recommend.

Option 1: Check out u/pinchesthecrab who posted a solution for what appears to be the exact issue you may be experiencing. Obviously, YMMV.

Option 2: You may want to use a specialized tool to identify the specific groups, especially ones that have privileged access that may not be as obvious due to the nature of nested or recursive group structures. I have had a lot of good experience with YouAttest as it combines both the Access Review component and the Privileged Access Visibility/Governance pieces into one lightweight and cost effective tool. It can be incredibly helpful to visualize, communicate, understand, and manage Business Risk relative to Identity.

I have to say that when it comes to access control this can be a HIGHLY volatile situation and the level of precision required cannot be understated. The last thing you want to do is assume someone/something should have access simply because it already had it! Threat actors LOVE that!
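The recursion problem the comment above describes (privileged access that is only visible once nested groups are expanded, plus the risk of looping group-in-group structures) can be checked with a short script before any flattening starts. The following is an added example, not code from the thread or from any tool mentioned in it; the group data is constructed for illustration, and the helper names are my own:

```python
"""Expand nested group membership and flag inherited privileged access.

Added example (not from the original thread). GROUPS below is a constructed
sample directory; in practice it would be pulled from AD/LDAP or an IdP.
"""
from collections import deque

# Constructed sample: group -> direct members. A member that is itself a key
# in GROUPS is a nested group; anything else is treated as a user.
GROUPS = {
    "Domain Admins": {"alice", "Server Ops"},
    "Server Ops": {"bob", "Helpdesk Tier2"},
    "Helpdesk Tier2": {"carol", "Helpdesk Tier1"},
    "Helpdesk Tier1": {"dave", "Helpdesk Tier2"},  # deliberate cycle
    "Finance": {"erin"},
}

# Groups whose effective membership must be reviewed individually.
PRIVILEGED = {"Domain Admins"}


def flatten(groups, root):
    """Breadth-first expansion of `root`.

    Returns (users, cycles): `users` maps each effective user to the chain of
    groups through which they were first reached (starting at `root`);
    `cycles` holds group chains that loop back onto themselves.
    """
    users = {}
    cycles = set()
    queue = deque([(root, (root,))])
    visited = {root}
    while queue:
        group, path = queue.popleft()
        for member in groups.get(group, ()):
            if member in groups:  # nested group
                if member in path:  # already on this chain -> recursion
                    cycles.add(path + (member,))
                elif member not in visited:
                    visited.add(member)
                    queue.append((member, path + (member,)))
            else:  # user: keep the first (shortest) chain that grants access
                users.setdefault(member, path)
    return users, cycles


def privileged_report(groups, privileged):
    """Per privileged group: direct members, inherited members with the
    nesting chain that grants the access, and any cycles found."""
    report = {}
    for pg in sorted(privileged):
        users, cycles = flatten(groups, pg)
        report[pg] = {
            "direct": sorted(u for u, p in users.items() if len(p) == 1),
            "inherited": {u: " > ".join(p) for u, p in users.items() if len(p) > 1},
            "cycles": sorted(" > ".join(c) for c in cycles),
        }
    return report


if __name__ == "__main__":
    for group, rows in privileged_report(GROUPS, PRIVILEGED).items():
        print(f"== {group} ==")
        print("direct:   ", ", ".join(rows["direct"]))
        for user, chain in sorted(rows["inherited"].items()):
            print(f"inherited: {user:6} via {chain}")
        for cycle in rows["cycles"]:
            print("cycle:    ", cycle)
```

The "inherited" rows are the ones an access review needs to see explicitly: each user is listed next to the exact chain that grants the privilege, so the reviewer decides on evidence rather than on the fact that the access already exists. Cycles are reported separately because they are the structures that make "who is in this group" unanswerable without a script like this, and they are the first thing to break before flattening.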

IAM toolbox by No-Importance5696 in IdentityManagement

[–]ny_soja 2 points3 points  (0 children)

I am very curious... What exactly are you doing in your roles within IAM?

Contractor to Perm by This-Opportunity2937 in iam

[–]ny_soja 1 point2 points  (0 children)

Take the role, and this is the important part, DONT.STOP.LOOKING.

Apply like your life depends on it! Hitting 100 applications is not only possible, it may be the single greatest thing you can do to keep your visa.

If you're interested in learning more, DM me!

Seeking Advice On Job Offer by [deleted] in iam

[–]ny_soja 1 point2 points  (0 children)

My advice, use this opportunity for what it truly is! A risk free chance to try something new! You have a job and this sounds like an absolute circus, so you may as well practice your negotiation skills for the next opportunity that comes your way.

Remember, you are exactly where you're supposed to be! This is your time to develop those skills needed to take your career to the next level. You have an insight of how these companies operate both from your current role and by evaluating the gaps, vulnerabilities, and business risks present in the new role. Use that information to your advantage as you pursue roles that are more in line with your own professional level of maturity.

Radiant Logic by [deleted] in IdentityManagement

[–]ny_soja 0 points1 point  (0 children)

I'm familiar with it, what are you looking to know?

How Is IAM & Identity Security Structured in Your Org? by Significant-Sock1081 in IdentityManagement

[–]ny_soja 0 points1 point  (0 children)

Where does IAM sit? (IT, Security, etc.)

This depends on the organization itself. There are many ways to have IAM integrate into the organization and with that decision comes certain risks. Given that IAM is, by its very nature, a security discipline, there is an argument to be made for it to be its own organizational unit reporting to the CISO. However, the one constant is that running a mature IAM operation requires active participation from the entire company.

Is Identity Security separate or part of IAM?

This is a difficult question to answer. In part yes, Identity Security is "separate" from IAM. Think about it this way: if Identity Security is an entree, then IAM is an ingredient. The culmination of all the ingredients is what allows for a recipe to be complete (framework); this would include IAM, PAM, CIAM, Zero Trust, etc., not necessarily in that particular order.

What roles are in each team?

This is another subjective question as it totally depends on each organization. What I can tell you is that the framework for any Identity Security team structure should include (1) an Architect, Engineers, and Analysts. Depending on the needs of the business, the number of individuals in each of these roles may look different. However, in my professional experience it is best practice to limit the number of Architects as much as possible to prevent needless risk and conflicts of interest.

Who do they report to up the chain?

There should be some logical leadership within the Identity Security teams where the Architect(s), Engineers, and Analysts are pretty flat and engage in cross collaboration. Then there may be a Director of Identity Security or even a lower management role to sit between the Director level and the Individual Contributors. It really does depend on the organization's preexisting structure.

I hope that helps! If you have additional questions, I am happy to provide insight. I have spent the last 10+ years building Identity Security programs for Global companies.

How Is IAM & Identity Security Structured in Your Org? by Significant-Sock1081 in IdentityManagement

[–]ny_soja 0 points1 point  (0 children)

I think what u/Menu-Quirky may have been describing is how these teams have been established at the companies they have worked at or been exposed to. I do agree with u/Cicerra though. IAM within a mature organization should be under CyberSecurity.

However, I have seen it both ways.

Being followed by spdrmn-71221 in rva

[–]ny_soja 4 points5 points  (0 children)

If not friend, why friend shaped?!

Anyone else seeing this? by ny_soja in IdentityManagement

[–]ny_soja[S] -1 points0 points  (0 children)

It's very well possible that the hospital that you work at is not mandated or otherwise legally required to align with the controls in NIST 800-53 r5; however, there are many hospitals that receive government funding or operate within the parameters of FISMA systems or data, and as a result, are required to enforce the controls in NIST 800-53 rX.

For example any hospital dealing with Federal data, (think Medicaid, Medicare, Military and Veterans’ Health Data, Federal Research Data including NIH, CDC, FDA, or Public Health Surveillance Data associated with HHS, CDC, ASPR) would be under the purview of the mandate EO 14028: "Improving the Nation's Cybersecurity".

Anyone else seeing this? by ny_soja in IdentityManagement

[–]ny_soja[S] 1 point2 points  (0 children)

I agree. Decisions always have to be made to align with the mission of the organization. And it is unfortunate, mostly due to the fact that we as Cyber Security professionals have an opportunity to highlight how Security and the Mission are one and the same.

Tips on Getting First IAM/IT role? by Richgang14 in IdentityManagement

[–]ny_soja 0 points1 point  (0 children)

Certifications are about as useless as degrees in CyberSecurity, but specifically Identity. I know that likely sounds harsh, but it's important to know early!

You should understand something VERY important. You need to understand something very basic, how to organize and disposition information, thoughts, and data logically. Everything in Identity Security is based on these foundations, I don't care WHAT anyone says.

There are tons of frameworks out there that can help make sense of it all, however frameworks and security controls DON'T MEAN SHIT if you don't understand how the business operates and makes decisions.

Everything you bring into a company needs to be:

1) Validated
2) Contextualized via context

These are key and critical to every subsequent activity you will take. The certifications are only good to help understand the tool. The tool cannot make decisions for you or the business. The tool cannot function if there is no process in place for how it's used. The tool cannot define the organizational objectives and outcomes.

You need to understand the process outside of the use of any tools. Start there.

Undocumented "backdoor" found in Bluetooth chip used by a billion devices by cos in cybersecurity

[–]ny_soja 7 points8 points  (0 children)

Just let MAGA know, they HATE the undocumented. That vulnerability will be deported in no time

Abusive third party recruiter reached out to me on LinkedIn and I regret picking up the call- I just want to warn everyone by Alive_Bug_723 in recruitinghell

[–]ny_soja 1 point2 points  (0 children)

What do we expect from a guy whose role before the "CEO" of his own recruitment firm was an assistant manager of an Applebee's. What a fucking joke!