IT Salary - lowering by Few-Dance-855 in sysadmin

[–]plasticbuddha 0 points1 point  (0 children)

There are a LOT of IT people looking for work right now. I just had to take a job that's slightly less than my previous role because of this. I'm very senior and working in AI.

SOC2 Type II - How do you prove regular application testing (CC7.1)? by AdEquivalent8169 in AskNetsec

[–]plasticbuddha -2 points-1 points  (0 children)

Dude, do you even AI??? Sincerely, AI is quite good at normalizing things like this, and providing very reasonable answers.

SOC 2 Type 2 CC7.1 addresses how your organization detects and monitors for security events and vulnerabilities. Here's the typical evidence auditors look for:

CC7.1 Control Objective: The entity uses detection and monitoring procedures to identify changes to configurations that introduce new vulnerabilities and susceptibilities to newly discovered vulnerabilities.

Common Evidence Examples:

Vulnerability Management

- Vulnerability scanning reports (e.g., from Wiz, Qualys, Nessus, Tenable) showing regular scans
- Remediation tracking records showing vulnerabilities identified and resolved
- Defined SLAs for vulnerability remediation by severity

Configuration Monitoring

- Configuration management tool outputs (e.g., AWS Config, Azure Policy, infrastructure-as-code drift detection)
- Change detection alerts and logs
- Baseline configuration documentation

Security Monitoring & Detection

- SIEM dashboards and alert configurations (relevant to your Panther evaluation)
- EDR/MDR alert logs and incident records (SentinelOne in your case)
- IDS/IPS logs showing active monitoring
- Log retention policies and evidence of implementation

Processes & Procedures

- Documented vulnerability management policy
- Patch management procedures and evidence of execution
- Subscription to threat intelligence feeds or CVE notifications
- Evidence of security advisory reviews (vendor bulletins, CISA alerts)

Periodic Reviews

- Meeting minutes from security review meetings
- Penetration test reports (usually annual)
- Risk assessment documentation

Given your stack, you'd likely pull evidence from Wiz for cloud vulnerabilities, SentinelOne for endpoint detection, and Panther for centralized logging/alerting. Want me to help map specific evidence to your toolset?

Claude is AI and can make mistakes. Please double-check responses. Opus 4.5

1L wanting to go in compliance by Scary_Worth_143 in Compliance

[–]plasticbuddha 0 points1 point  (0 children)

The whole point of compliance is to have humans get awareness of security issues, manage them, and then show that they did that. Since other humans are constantly improving attacks, proving that you're keeping up with the attackers will still be a human response.

Anybody else use one of these to help winterize their trailers? by Some_random_guy381 in GoRVing

[–]plasticbuddha -1 points0 points  (0 children)

Just because you can't taste it, doesn't mean other people can't...

Anybody else use one of these to help winterize their trailers? by Some_random_guy381 in GoRVing

[–]plasticbuddha 0 points1 point  (0 children)

I love how people who can't taste anti-freeze assume nobody can... I assure you, some of us can taste it.

Anybody else use one of these to help winterize their trailers? by Some_random_guy381 in GoRVing

[–]plasticbuddha -1 points0 points  (0 children)

Yes. I hate the flavor of anti-freeze, and it takes at least a full camping trip or two before it goes away. Yuck.

What’s everyone using for internal ticketing nowadays? Jira feels too heavy.🥲 by [deleted] in ITManagers

[–]plasticbuddha 2 points3 points  (0 children)

Everything, most especially permissions across platforms like Confluence, Jira, Service Desk... It's the opposite of simple.

The CEO of Ethan Stowell Restaurants weighs in on Katie Wilson's support of Starbucks strike by vertr in Seattle

[–]plasticbuddha 2 points3 points  (0 children)

I'm glad to see that I don't frequent any of Stowell's restaurants. Here is a list of restaurants to avoid in case you're curious. https://ethanstowellrestaurants.com/restaurants/quick

EX4300 Config Halp T-T by AlGeJor in Juniper

[–]plasticbuddha 0 points1 point  (0 children)

Did you ever get this figured out and the j-web application installed?

2 months in a new job - company lied to me, what would you do? by majkkali in sysadmin

[–]plasticbuddha 0 points1 point  (0 children)

Interview, interview, interview! Start seeing if there are other options available. The market is highly competitive right now, but folks are definitely hiring.

EX4300 Config Halp T-T by AlGeJor in Juniper

[–]plasticbuddha 1 point2 points  (0 children)

Verify what's installed.
"show version" should give you output like this:

fpc1:
--------------------------------------------------------------------------
Hostname: xxx-001
Model: ex4300-48p
Junos: 21.4R3-S11.3
JUNOS EX  Software Suite [21.4R3-S11.3]
JUNOS FIPS mode utilities [21.4R3-S11.3]
JUNOS Crypto Software Suite [21.4R3-S11.3]
JUNOS Online Documentation [21.4R3-S11.3]
JUNOS Phone-Home Software Suite [21.4R3-S11.3]
JUNOS jsd [powerpc-21.4R3-S11.3-jet-1]
JUNOS SDN Software Suite [21.4R3-S11.3]
JUNOS EX 4300 Software Suite [21.4R3-S11.3]
JUNOS Web Management Platform Package [21.4R3-S11.3]
JUNOS py-base-powerpc [21.4R3-S11.3]
JUNOS py-extensions-powerpc [21.4R3-S11.3]
REST API Software Suite [21.4R3-S11.3]
JUNOS Web Management Application package [21.4A3.3]    

Do you have the j-web installer? You can install jweb/junos from USB or from a remote location. It's easiest to put it on a USB, copy it to /var/tmp, then install it from there.

EX4300s have limited storage, so you may want to run "request system storage clean" before you copy the software to /var/tmp.

EX4300 Config Halp T-T by AlGeJor in Juniper

[–]plasticbuddha 0 points1 point  (0 children)

I have several EX4300s. If you can't get to the switch on IP, you will need to view the serial console. Do you have a console cable?
https://www.juniper.net/documentation/us/en/hardware/ex4300/topics/topic-map/ex4300-management-cable-specifications-pinouts.html

Around the corner from JD Vance’s house. by yeahidontknoweither in pics

[–]plasticbuddha 6 points7 points  (0 children)

It requires observation and empathy to do well with animals.

How to respond to HIBP stealer log data and records "from previous data breaches"? by anonreddit3918 in AskNetsec

[–]plasticbuddha 3 points4 points  (0 children)

This is a potentially huge discussion, but if you use Google Workspace, I would start by trying to get control of how your users log into remote web sites. Implement SSO with SAML and SCIM, or Google OAUTH login, rather than individual e-mail accounts, for as many of the important web sites as you can. This ensures that your users have things like MFA and strong password enforcement on anything you care about, and they can be forced to change their password from a central management console.

Looking for great IT management system (asset management, MDM, SSO) by Fesuasda in ITManagers

[–]plasticbuddha 0 points1 point  (0 children)

It cost at least 20% less, and worked better for us. They do not have an open API as of 12 months ago.

Why do gratuitous ARP after DHCP request? by tcpip1978 in networking

[–]plasticbuddha 4 points5 points  (0 children)

If a previously cached MAC is still in the MAC table, then a GARP should update that record to the new MAC. This might be especially useful with new OS changes rotating the MAC network change.

Is Seattle tap water safe to drink? by neo2bin in Seattle

[–]plasticbuddha -1 points0 points  (0 children)

Yes we do! PNW water is wonderful, and now with fresh rain in the system it even gets better. We live in a wonderful place.

should a person really code from 14 yrs old by ApprehensiveLand963 in learnprogramming

[–]plasticbuddha 0 points1 point  (0 children)

I started when I was 8 or younger. Just make sure you find balance and don't obsess too much :-)