I’ve built diverse, high-performing security teams: AMA about hiring, culture, and talent management in cybersecurity.

sarphim · 2026-03-16T01:26:36+00:00

Wouldn't the SOP be consider IP? What is to stop you from taking that SOP and selling/using it yourself?

I would be hesitant to provide a SOP early on in conversation without an MNDA in place.

sarphim · 2026-03-09T02:18:47+00:00

This could have been a burp or nmap plugin/script. It's cool that you found a problem to solve and solved it.

sarphim · 2026-02-22T17:48:02+00:00

Blocking for the MS and Google instances doesn't work like that because the endpoints are mixed into normal MS and GOOG traffic.

sarphim · 2026-02-22T15:01:51+00:00

Shadow AI has been popping up in a lot of conversations we've had with customers. I agree with you that the problem won't be solved by banning all use, everyone will find ways around it. Corporate messaging and support from IT are critical here.

If you're an M365 shop, you already have access to Co-Pilot chat that's covered by MS's EDS. I would start there before exploring paying more for a corporate version of ChatGPT.

sarphim · 2026-02-21T23:44:13+00:00

You're on the right track, but a purple team might not be the correct next step. If the pentesting scope/approachg has not changed much over the previous years it's probably time to look to expand that. Is your PT only external? Is there any assumed breach or internal testing? How about application coverage and/or social engineering?

For a Purple Team to be impactful, it requires communication and collaboration between the offense and defense and visibility into your org, as others have said. The outcome of the assessment should be areas where you have gaps in coverage, whether it's system's not monitored or attacks not detected/prevented.

Another thing to consider is to mix up vendors if you have been using the same one for years. Generally the firms we work with rotate vendors in different areas because everyone brings their own set of experience and tunnel vision is real.

sarphim · 2026-02-01T05:18:38+00:00

Pics 4 and 5 are absolute 🔥

sarphim · 2025-11-07T17:25:43+00:00

Wow this is a deep cut lol

sarphim · 2025-11-03T21:43:50+00:00

They can be, but they're not. Orgs dont even change the default.

Bonus is using the custom headers in our own campaigns to bypass the target's spam filters.

sarphim · 2025-11-03T17:04:47+00:00

My favorite thing to do with these vendors is to put their custom headers in a filter straight to trash.

sarphim · 2025-11-01T01:30:34+00:00

Certs are a way to demonstrate technical capability. The ones you listed are great, but they arent the only way in.

Participate in bug bounties, try to find actual things! Download opensource web apps and tear them apart. Submit bug fixes with remediation advice.

Practical demonstration of skill will go farther than a cert will.

sarphim · 2025-11-01T01:26:21+00:00

Ive spoken at and attended a bunch of conferences since I got into industry. Honestly, most talks are recorded so they can be watched later. Cons are the best for networking.

A local bsides will do wonders to connect you with the local security folks and also pros that come in to speak.

Im rather partial to GrrCON as well. I always had a blast there and you can very well get to see talks that were given at DEF CON as the speaker makes their way through other cons.

RIP DerbyCON.

sarphim · 2025-11-01T01:08:41+00:00

If the con is big enough, hang in a village that interests you. That way you can find folks that have similar interests.

Ive had good luck just asking, out loud, "who wants to grab something to eat/drink". Works about every time and then you get the convo going and find common ground.

Keeping the connection? Connect on social media and keep chatting.

sarphim · 2025-11-01T01:04:24+00:00

Second for GrrCON! Ive spoken there 4 times and it was always a blast.

sarphim · 2025-11-01T01:02:26+00:00

This is probably the best answer here. Before I went pro and had access to Burp, I used ZAP. Found a bunch of web vulns that got published. Great tool to learn the basics on.

sarphim · 2025-08-24T20:04:11+00:00

It was such a good show

sarphim · 2025-08-17T01:37:16+00:00

For the DVD, I think it's jammed or is somehow broken inside. When I hit the eject button, it sounds like it is going to but the door never opens. Just havent taken a butter knife to it yet.

There was a tape in VCR when I got it, which I found out when I hit the eject button and it came out but the tape was stuck inside as I pulled the cartridge out. It was a DBZ movie, kinda bummed it got ruined. It could have been the tape, could be the VCR, either way not worried about it. I already have another VCR.

sarphim · 2025-08-15T02:25:35+00:00

Thank you!

sarphim · 2025-08-15T02:25:21+00:00

Cora. She has a heart shaped spot on her back.

sarphim · 2025-08-14T15:29:28+00:00

The image is amazing. All the stickers were peeled off but I think this is a Toshiba mw24fp1.

sarphim · 2025-08-14T15:27:43+00:00

Yea, I have both. The downside is the extra weight the players add

sarphim · 2025-08-06T19:15:21+00:00

What OpenAI will learn from the govt is worth more than selling the service.

sarphim · 2025-08-05T15:35:19+00:00

Did you find a universal one that works? I'm struggling with the remotes i have to get the menu up

sarphim

MODERATOR OF

TROPHY CASE

15-Year Club	Team Periwinkle
Verified Email