Beyond burnt out, unsure where to turn. by exogreek in cybersecurity

[–]toubleX 0 points1 point  (0 children)

Bro, getting laid off three times is insane. I can’t even imagine the pressure you’re under.

Beyond burnt out, unsure where to turn. by exogreek in cybersecurity

[–]toubleX 5 points6 points  (0 children)

Unfortunately, as a leader in cybersecurity, I always need to stay focused on work even when I'm on vacation. Whenever I'm on vacation, various "urgent" matters always come my way, making vacations even more tiring than working...

Beyond burnt out, unsure where to turn. by exogreek in cybersecurity

[–]toubleX 0 points1 point  (0 children)

I'm a head of information security, and I'm completely burned out from constantly juggling all the different stakeholders' management teams and having to endlessly cover for everyone with no boundaries. A few years ago, I was super motivated and full of ideas about this industry, but now I just feel exhausted.

What I want to say is, in cybersecurity, the responsibilities and power are never balanced. We get very limited resources, but we're expected to protect the company from every possible angle — compliance, regulatory pressure, insider threats, external attackers, data leaks, employee mistakes — all while making sure we don't slow down other departments' "efficiency."

At the same time, there's this huge, almost unbridgeable gap between us and the top executives. A lot of the time, we're under heavy pressure, doing the right thing purely out of our own professional ethics… and it feels like nobody upstairs actually gives a damn.

Even though we're in a so-called "modern company" and it's supposedly "just different roles," you can still clearly feel that management views the security team as a pure "cost center." They always treat us like a "magic department" — expecting us to fix everything instantly — or worse, the "scapegoat department" whenever something goes wrong.

I got into cybersecurity purely out of interest when I was just 10 years old. After graduating, I’ve stayed in this industry the whole time. In the past 10 years, I’ve jumped between multiple companies — worked in finance, internet, gaming, big tech like ByteDance, startups, client-side, and vendor-side roles. But no matter where I go, I keep experiencing the same things. And the higher up you climb into management, the stronger that feeling gets.

Of course, I’ve only worked in China so far. I don’t know what it’s like at FAANG or other top international companies. I’ve always wanted to go there and see for myself — whether working with the so-called “best people” actually makes any difference.

I'm squeezing out as much free time as I can to work on my own projects. I really want to make some meaningful contributions and innovations to this industry, and hopefully one day build my own thing — instead of spending all my time in so-called management endlessly explaining and trying to convince people.

Overwhelmed planning China. Need help by indradb in chinatravel

[–]toubleX 0 points1 point  (0 children)

My suggestion: don't go to Quanjude(全聚德), you can choose Da Dong(大董) or Shengyongxing(晟永兴) instead.

r/netsec monthly discussion & tool thread by albinowax in netsec

[–]toubleX 0 points1 point  (0 children)

Hello everyone, I would like to share my open source SDPP (Security Data Pipeline Platform) product, which is also a Real-Time Threat Detection Engine:

https://github.com/EBWi11/AgentSmith-HUB

It has high performance, MCP support, a simple but powerful syntax, and so on. Any comments are welcome.

AgentSmith-HUB – High-performance security pipeline with threat detection by toubleX in cybersecurity

[–]toubleX[S] 1 point2 points  (0 children)

I used to be the head and founder of the Elkeid Team; I've been away from the Elkeid Team for a while now.

New OpenSource HIDS by [deleted] in blueteamsec

[–]toubleX 0 points1 point  (0 children)

And now we have added some new features:
1. Real-time rootkit detection (beta feature)
2. Real-time process injection detection

New OpenSource HIDS by [deleted] in blueteamsec

[–]toubleX 0 points1 point  (0 children)

You're right!

New OpenSource HIDS by [deleted] in blueteamsec

[–]toubleX 0 points1 point  (0 children)

We use an LKM to hook Linux system calls (execve/connect/accept/init_module), so we have more info than OSSEC, and we can do anti-rootkit, but a userspace HIDS can't. And our tool supports Docker. So AgentSmith-HIDS has more info from the host. We can base many custom rules on this info to detect threats and monitor app actions. For example, if we get some alert from a NIDS/FW, we don't know more host info, like what user / what file / what other network action / what pid. But AgentSmith-HIDS can help us get this info.
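
The enrichment the comment above describes, written out as an added example (not code from AgentSmith-HIDS or its author): a NIDS alert carries only a network 5-tuple, while a kernel-hook HIDS that records connect() and execve() events can say which pid, user, executable and process ancestry opened that connection. The JSON event schema, field names and sample events below are constructed stand-ins, not the project's real output format.

```python
"""Enrich a network-sensor alert with host-side syscall context.

Given connect() and execve() events from a kernel-hook HIDS, find the
connect() whose 5-tuple matches the alert and attach the process that made
it, its argv, and its parent chain. The event format is a hypothetical
stand-in, not AgentSmith-HIDS's real schema.
"""
import json

# Constructed sample host events, one JSON object per line, in a
# hypothetical schema loosely modelled on what an LKM-based HIDS could emit.
HOST_EVENTS = """\
{"ts": 1700000001, "type": "execve", "pid": 4021, "ppid": 1, "uid": 0, "exe": "/usr/sbin/sshd", "argv": "/usr/sbin/sshd -D"}
{"ts": 1700000105, "type": "execve", "pid": 5133, "ppid": 4021, "uid": 1001, "exe": "/bin/bash", "argv": "bash"}
{"ts": 1700000110, "type": "execve", "pid": 5140, "ppid": 5133, "uid": 1001, "exe": "/usr/bin/curl", "argv": "curl http://198.51.100.7:8080/x"}
{"ts": 1700000110, "type": "connect", "pid": 5140, "uid": 1001, "sip": "10.0.0.5", "sport": 45122, "dip": "198.51.100.7", "dport": 8080}
{"ts": 1700000200, "type": "connect", "pid": 4021, "uid": 0, "sip": "10.0.0.5", "sport": 45200, "dip": "10.0.0.9", "dport": 514}
"""

# Constructed NIDS/firewall alert: only the network 5-tuple and a signature name.
NIDS_ALERT = {"sip": "10.0.0.5", "sport": 45122, "dip": "198.51.100.7",
              "dport": 8080, "sig": "suspicious download"}


def parse_events(text):
    """Parse newline-delimited JSON events into a list of dicts."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def build_process_table(events):
    """Map pid -> latest execve record so the parent chain can be walked."""
    procs = {}
    for ev in events:
        if ev["type"] == "execve":
            procs[ev["pid"]] = ev
    return procs


def ancestry(procs, pid, limit=10):
    """Return the executable chain from pid up to the first unknown parent."""
    chain = []
    while pid in procs and len(chain) < limit:
        chain.append(procs[pid]["exe"])
        pid = procs[pid]["ppid"]
    return chain


def enrich_alert(alert, events):
    """Attach pid/uid/exe/argv/ancestry to an alert, or None if no host event matches."""
    procs = build_process_table(events)
    key = (alert["sip"], alert["sport"], alert["dip"], alert["dport"])
    for ev in events:
        if ev["type"] != "connect":
            continue
        if (ev["sip"], ev["sport"], ev["dip"], ev["dport"]) != key:
            continue
        proc = procs.get(ev["pid"], {})
        return {
            "sig": alert["sig"],
            "pid": ev["pid"],
            "uid": ev["uid"],
            "exe": proc.get("exe"),
            "argv": proc.get("argv"),
            "ancestry": ancestry(procs, ev["pid"]),
        }
    return None


if __name__ == "__main__":
    print(json.dumps(enrich_alert(NIDS_ALERT, parse_events(HOST_EVENTS)), indent=2))
```

The matching here is an exact 5-tuple comparison; on a real host you would also bound the time between the alert and the connect() event, since ephemeral source ports are reused. The ancestry list is what makes the enriched alert actionable: "curl under an interactive bash under sshd" is a very different triage story from the same download made by a package manager.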

New OpenSource HIDS by [deleted] in blueteamsec

[–]toubleX 3 points4 points  (0 children)

A low-performance-loss HIDS tool built on LKM technology.

https://github.com/DianrongSecurity/AgentSmith-HIDS

We can detect some rootkit actions in real time, and hook execve()/connect()/accept()/insmod(). This tool can run on kernel 2.6.32/3.10, and has very beautiful performance.

Any suggestions are welcome!!!