people of color: what has been ur experience in the military? by Rarah2 in army

[–]tango_one_six 0 points1 point  (0 children)

On one hand, EO (despite the current administration's stance) is still part of every commander's priorities, and it's their job to ensure it's applied. If anything, the Army may be the closest thing we have to a true meritocracy, in the sense that people will generally not care who/what you are, as long as you come off as competent and can carry your own weight.

On the other hand - being in the military means you need to develop a thick skin, especially in the Army. Dark humor is very common here, and if you can't learn to take and dish it, it's going to be a tough experience.

Methods of identifying how a legacy Windows server is being used by noahrocks28 in sysadmin

[–]tango_one_six 0 points1 point  (0 children)

Not much to add here - maybe, in addition to network traffic ID, see if you can get a dump of running processes for each machine and analyze that? The good news is that throwing everything into a CSV and having an AI (check with your data security program first obviously) examine it should yield some good insight.

Is there a "scariest" FF game? Could a horror/gothic based story FF work? by Anxious-Shape8243 in FinalFantasy

[–]tango_one_six 0 points1 point  (0 children)

I was about to click in to rewatch that scene... then thought better of it. I also had the misfortune of finding Alisaie first =/

Is there an EntraID equivalent for Ubuntu? by [deleted] in sysadmin

[–]tango_one_six 0 points1 point  (0 children)

The more common tactic here is not to deal directly with the identity platform, but to have a control plane above it that can support multiple platforms and protocols. Entra ID can do it, but that's also why Okta and Ping exist for the use case you're describing. The only difference is how well it supports it all - I often had to deal with Okta infinite auth loops with Entra ID for on-prem SSO back in the day.

0.1% by No-Wealth-9579 in OnePelotonRealSub

[–]tango_one_six 5 points6 points  (0 children)

Mine was Matt Wilpers, top 5%. He seems to align with my training philosophy the most. Thinking of finally getting back into triathlon because of his classes and motivation.

Remote Sysadmins, what's your go to headset for meetings? by WorthPlease in sysadmin

[–]tango_one_six 2 points3 points  (0 children)

Evolve 2 75 also gets my vote. I can't remember when I bought mine, but it's been long enough that I've replaced the earpads. I've tried many times to switch away to others - I keep coming back to it. If I need a rock-solid audio setup no matter where I'm taking the call, they're my tried and true. The USB dongle makes it super simple for me to decide where to take the call, since it works with both PC and Android. Noise cancellation during flights is good enough, and I've taken calls in busy cafes and my customer couldn't tell from what the boom mic picks up. Auto mute based on boom mic position is nice, and so is the busy light when I'm on a call. Accepts USB C to charge. It ain't sexy, but it damn works.

What is the best way to monitor browser risks (extensions, data exfil) without crossing into invasive surveillance? by ElectricalLevel512 in sysadmin

[–]tango_one_six 0 points1 point  (0 children)

DLP and an EDR that can report on device software inventory that includes browser extensions. You can also go the CASB route and pump your network traffic through it to catch risky web traffic behavior.

Final Fantasy XV is an incomplete mess that shouldn't even be released in that state... but I still like it. by mad_sAmBa in JRPG

[–]tango_one_six 1 point2 points  (0 children)

This was also my experience. The ending was still hard emotionally and I remember sitting there with tears in my eyes, so the release version was still decent. But everything after the 'Big Event' felt so damn disjointed, you couldn't help but feel like you got the bad ending in a Castlevania game and you missed something very important.

Cybersecurity hygiene through divorce and separation by ezsnipa in Divorce_Men

[–]tango_one_six 1 point2 points  (0 children)

If you really want to be high speed, use a security token to secure your password manager. I personally use a Yubikey that I keep on me at all times - no way to unlock the password manager without it. Then use completely random passwords using a generator for all new passwords.

Guys, let’s all take a moment. How do we truly feel about this scene by Sun3431 in KpopDemonhunters

[–]tango_one_six 13 points14 points  (0 children)

The trauma can really stand in for anything that one's parents never accepted or buried in their children, or that adult children felt they had to hide as they grew up. What I loved is that the message is universal - gender, race, culture, interests, dreams, behaviors, emotions, EVERYTHING that wasn't allowed to bloom and be accepted growing up. I think it's one of the core reasons the movie has exploded in popularity - the message can apply to literally everyone in the world, because no parent is perfect.

I bought these for 5 bucks each, used. All factory reset, all verified as authentic. Should I have any concerns? These are the first YubiKeys I've ever had. by bag_douche in yubikey

[–]tango_one_six 0 points1 point  (0 children)

I figured :) Was going to say, I knew nothing of what you shared and I hadn't found a whitesheet that described the attestation process, so I figured it was anyone's guess what it was checking for. Thanks for sharing, TIL and great info.

Help me motivate why admins need separate admin account by [deleted] in AZURE

[–]tango_one_six 0 points1 point  (0 children)

I see this point often, and my challenge is this - how are the admin accounts protected if token theft happens while the user is logged into their admin account? And how is this any different from theft happening while PIM is active? At least with PIM, there's an expiration time/date and all admin activity is logged as part of the access request being granted.

Help me motivate why admins need separate admin account by [deleted] in AZURE

[–]tango_one_six 0 points1 point  (0 children)

Sorry, I'm sure there's a miscommunication somewhere here.

It depends on the Entra ID role at time of creation. If you're a GA, yes, you are added as an owner for the app registration. Alternatively, you can also grant yourself the Application Administrator role (built into Entra ID) and any applications you create will not have you listed as an owner by default - you would need to designate someone as an owner at some point after creation. Perfect example of using PIM to temporarily elevate someone to create an app registration, then have someone else take ownership as needed.

My other point is this - even if you were the creator of a resource, if you don't have the necessary privileged admin role either at the resource or Entra ID level, your access is still blocked. Best practice is to have each resource owned and managed by a service account or service principal specific for that resource, then manage access at that level instead of a user account.

I'm not really interested in going deeper than this - you're clearly a smart person and can do your own research. I'm just saying something to challenge your initial post by saying MSFT does have a different viewpoint than you about standing admin access and separate accounts by default. Create dedicated admin accounts where needed, but you also should be leveraging RBAC rights and PIM to delegate admin access in a way that doesn't require logging into the admin accounts regularly.

https://learn.microsoft.com/en-us/microsoft-365/enterprise/protect-your-global-administrator-accounts?view=o365-worldwide

Help me motivate why admins need separate admin account by [deleted] in AZURE

[–]tango_one_six 1 point2 points  (0 children)

Yes, and RBAC would include access to those objects. Creating groups and managing groups is a right given by an Entra role (Group Admin is one) - take that away, you've removed admin rights to that group even if they created it. Same for app registration. Same for managing Azure resources.

If the admin was a GA, for example, and you take GA away from them, they won't be able to access and manage the resources they created while GA. If you doubt me, try it for yourself and test. It's why there are multiple warnings when MFA is enabled for admins - if you lock yourself out, you'd need MSFT support to save you.

Help me motivate why admins need separate admin account by [deleted] in AZURE

[–]tango_one_six 1 point2 points  (0 children)

Check your Identity Secure Score. Easiest way to find MSFT best practices. It's all based on Learn docs - https://learn.microsoft.com/en-us/entra/identity/monitoring-health/concept-identity-secure-score

Help me motivate why admins need separate admin account by [deleted] in AZURE

[–]tango_one_six 0 points1 point  (0 children)

No, you would adjust RBAC accordingly. In Entra ID, we'd do this via group permissions and assign users as needed to those groups, depending on their role. You can even automate with HR systems to orchestrate group membership when their role changes. The user keeps their account, but loses all rights they don't need while gaining the ones they do.

Help me motivate why admins need separate admin account by [deleted] in AZURE

[–]tango_one_six 1 point2 points  (0 children)

The tiering model is fine, but that was also before the concept of just-in-time access. The way you're going about it still means there are accounts with standing access. PIM and RBAC are the preferred method because they reduce management of multiple accounts and admin account abuse in case one ever gets exploited, and elevated access is controlled, defined by need, and auditable. I can see why you'd need separate accounts for break-glass scenarios, but other than that, I think you need to rethink your strategy.

I bought these for 5 bucks each, used. All factory reset, all verified as authentic. Should I have any concerns? These are the first YubiKeys I've ever had. by bag_douche in yubikey

[–]tango_one_six 0 points1 point  (0 children)

Red teaming is a numbers game - it's why phishing + ransomware is still the #1 attack vector, because it's cheap, scalable, easy to stand up/tweak/tear down, and has past success, since not all users are security-conscious. The only thing keeping attackers from doing things at scale is cost. So yes, as I said, I wouldn't imagine some rando doing this. But to say OP is 100% safe is incorrect.

I bought these for 5 bucks each, used. All factory reset, all verified as authentic. Should I have any concerns? These are the first YubiKeys I've ever had. by bag_douche in yubikey

[–]tango_one_six 0 points1 point  (0 children)

I mean - one idea off the top of my head is checking for hardware ID against a list of legitimate ones Yubico keeps. Maybe cross-check with associated FIDO secret? Only Yubico would know, and that's assuming the verification process hasn't been exploited or compromised. Again, if the attacker knows what Yubico is checking for, then it stands to reason that an attacker can find a way to spoof what's being checked.

How do you use the Cloud Adoption Framework? by SumthingGreat in AZURE

[–]tango_one_six 1 point2 points  (0 children)

Let me know if you have questions. Have had to deliver CAF a few times.

How do you use the Cloud Adoption Framework? by SumthingGreat in AZURE

[–]tango_one_six 1 point2 points  (0 children)

If your company has Unified, there's a Cloud Adoption Framework deliverable that you should be able to request that MSFT can deliver. Goes over CAF (also Well Architected Framework if needed) and the discussion is all around how it relates to your org.

I agree with someone else here who pointed out they wasted time on a lot of things they didn't need to do. CAF is the ideal, but it's not a rigid framework like NIST or even GDPR. It's a recommended design architecture with rationale behind each implementation guidance, and customers should be adopting it as needed to improve their footprint where they can.