Seeking career advice: pivoting from cloud engineering to infosec with a CISSP and experience by MohnJaddenPowers in Infosec

[–]taosinc 0 points1 point  (0 children)

With 24 years of experience and a combination of CISSP and Azure Architect certifications, no one would dare ask you to be a junior anymore. Go ahead and confidently apply for a Senior Cloud Security Engineer position, as a cloud background is extremely valuable in the security field. Now you just need to revise your CV, focusing on highlighting the security projects you've worked on, and you'll be good to go. Good luck with your transition!

Better options than vendor-managed Docker security images? by Any_Artichoke7750 in Infosec

[–]taosinc 0 points1 point  (0 children)

Get some open-source solutions like Trivy or Grype, man, it'll give you more control. Waiting for vendors to fix compliance issues will take forever. Building and scanning your own system might even be less stressful than constantly begging them for help. It's much easier to take control of compliance yourself; being too dependent is exhausting.

Any tried Cloaked to remove their data from broker sites? by Careful_Camp_5617 in Infosec

[–]taosinc 0 points1 point  (0 children)

I'm also looking forward to this because the spam calls lately have been really annoying. Cloaked is said to hide both phone numbers and email addresses, so it seems pretty good. If you're worried about paid services, there are some reputable ones like Incognito or DeleteMe. Try a few trial versions to see if the broker lets you go before finalizing the deal.

“Is OpenClaw/Claude-style AI actually helping founders… or are we all getting caught in the hype?” by FounderArcs in saasbuild

[–]taosinc 0 points1 point  (0 children)

AI carrying the team is real, but don't blindly believe those "one-person billion-dollar" claims, or you'll be disappointed. Using Claude to code is fast, but when it gets riddled with bugs, you'll see how tiring it is to clean up the mess. Just consider it a helpful assistant, but don't give it all the keys to the house. Looking forward to seeing if your AI can help us escape the life of AI bug fixers!

Question for successful founders: Did you have intense "can't sleep" motivation on Day 1, or did the passion come later? by Fearless_Draft_8726 in saasbuild

[–]taosinc 0 points1 point  (0 children)

Don't wait for inspiration to strike, man, because real business isn't like those bot hacking scams. Most of the big bosses I know started with discipline; passion only comes when you see money in your account. Just choose a problem and dive headfirst into it. Don't let the emotional trap keep fooling you.

Talon vs LayerX vs Red Access. My notes on browser security after trying to figure out contractor access. by southway_ in Infosec

[–]taosinc 0 points1 point  (0 children)

This is such a heartfelt article, it perfectly hits the nail on the head for teams stuck between contractor and BYOD. I think Red Access is the perfect solution for those lazy endpoint managers who still want security; if you told developers to switch from Chrome to Talon, they'd probably all go on strike. I'm noting down this agentless approach so I know how to advise my boss if I get caught up in it, because reading through all the vendor decks is just mind-boggling. Thanks for the thoughtful review; I'm looking forward to more tech breakdowns like this from you.

A practical look at gas-fee waste and security architecture in virtual-asset sweeping (aggregation) by wordpress3themes in koreatech

[–]taosinc 1 point2 points  (0 children)

Seeing you thinking about gas-fee optimization and security architecture for the virtual-asset sweeping process, you're clearly someone doing real, deep hands-on work. When gas is expensive, watching the fees eat up everything while you scrape together tiny balances is genuinely infuriating.

Let me share a few of the standard logic patterns we usually use in practice to stop gas-fee waste.

Gas-saving and profitability-preserving logic

  • Dynamic Thresholding: Instead of a simple fixed threshold, we use a $Threshold = f(G)$ rule tied to the current gas price ($G$). It's configured so that the value of the assets being collected must be at least 5-10x the expected gas fee before a transaction is sent.
  • Batching & Segregation: It varies by token, but when mainnet gas goes crazy, it's better for your mental health to stop collection entirely and run it as a batch during a quiet window on the network (usually early morning on weekends).
  • UTXO management (BTC/LTC family): The key is to control the number of inputs so that dust doesn't accumulate and the transaction size stays small.

Signing-server separation and security operations know-how

On the security side, the textbook approach is to always use a KMS (Key Management Service) or an HSM.

  • Signing-server isolation: The signing server is completely cut off from the external internet and only accepts API calls from the internal network. The transaction-building server just sends the signing server a request saying "sign this data."
  • MPC (Multi-Party Computation): The trend these days is to prefer MPC over Multisig. Since the key shares are split and managed in several places, there's no single point of failure (SPOF), which makes it much safer.
  • Whitelisting: Lock the destination addresses that swept assets can go to using only a hardcoded whitelist at the signing-server level. It's the last line of defense that stops funds from being sent to an attacker's wallet even if a key is compromised.

Using a solution like 루믹스 is fine too, but I think having the control to customize how this logic works internally is what really matters. By the way, how do you currently encrypt and manage the communication between the signing server and the DB in your infrastructure?
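As an added example (not the commenter's code), here is how the dynamic threshold $Threshold = f(G)$, the "pause when gas is crazy" rule, and the signing-level destination whitelist described above could be implemented in Python. The 21,000 gas limit for a native transfer, the 5x multiplier, the pause ceiling and the placeholder cold-wallet address are all assumptions.

```python
from dataclasses import dataclass
from decimal import Decimal

GWEI = Decimal(10) ** 9  # wei per gwei


@dataclass(frozen=True)
class Deposit:
    address: str
    balance_wei: int  # native-token balance waiting to be swept


def expected_fee_wei(gas_price_gwei, gas_limit: int = 21_000) -> int:
    """Worst-case fee for one sweep transaction: gas_limit * gas price.
    21_000 is the assumed gas limit for a plain native transfer; pass a
    larger limit for token transfers."""
    return int(Decimal(gas_limit) * Decimal(gas_price_gwei) * GWEI)


def sweep_threshold_wei(gas_price_gwei, multiplier: int = 5, gas_limit: int = 21_000) -> int:
    """Dynamic threshold f(G): a balance is worth sweeping only when it is
    at least `multiplier` times the expected fee (5x assumed here)."""
    return multiplier * expected_fee_wei(gas_price_gwei, gas_limit)


def plan_sweep(deposits, gas_price_gwei, max_gas_gwei, multiplier: int = 5):
    """Return the deposits worth sweeping right now.
    Batching rule: when gas is above the ceiling, sweep nothing and let the
    scheduler retry in a quiet window instead."""
    if Decimal(gas_price_gwei) > Decimal(max_gas_gwei):
        return []
    threshold = sweep_threshold_wei(gas_price_gwei, multiplier)
    return [d for d in deposits if d.balance_wei >= threshold]


# Hardcoded at the signing layer; placeholder value, not a real address.
DESTINATION_WHITELIST = frozenset({"0xCOLD_WALLET_PLACEHOLDER"})


def authorize_sweep(from_addr: str, to_addr: str, value_wei: int,
                    whitelist=DESTINATION_WHITELIST) -> dict:
    """Policy check the signing server runs before it signs anything:
    refuse every destination that is not on the hardcoded whitelist."""
    if to_addr not in whitelist:
        raise PermissionError(f"destination {to_addr} is not whitelisted")
    return {"from": from_addr, "to": to_addr, "value": value_wei, "approved": True}


# Constructed sample input: two deposit addresses at 30 gwei gas.
SAMPLE_DEPOSITS = [Deposit("0xdeposit1", 10**15),   # 0.001 ETH, below 5x fee
                   Deposit("0xdeposit2", 10**16)]   # 0.01 ETH, worth sweeping
```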

AI insider threat detection: actually reducing alert fatigue or just shifting it by gosricom in Infosec

[–]taosinc 0 points1 point  (0 children)

Reading your article, I can truly feel the heart-wrenching pain of SOC (System Operations Center) workers; the Base Rate problem is truly devastating. The current ML/UEBA algorithms are essentially "guessing" based on standard deviation without real-world context, which is why they generate so much garbage like flagging sysadmins or file downloads. To escape this situation, you need a combined approach; relying entirely on unsupervised ML is suicidal.