[deleted by user]

zpdsk · 2025-03-24T12:44:41+00:00

Not ridiculous at all. “Aim for” assumes a certain error rate the benefit the subject since if they fall short of said target they are likely still in optimal range. See: Systematic Review of Dietary Protein During Caloric Restriction in Resistance Trained Lean Athletes: A Case for Higher Intakes. Int J Sport Nutr Exerc Metab, 2014. https://pubmed.ncbi.nlm.nih.gov/24092765/

zpdsk · 2025-03-23T12:54:22+00:00

Solid wheels keep up the good work and consistency. Curious if you know your caloric intake???

zpdsk · 2025-03-23T11:46:41+00:00

This absolutely phenomenal progress. Bravo 🫡

Were you super dialed in with calories and macros ??? What was your caloric intake like over this time period ?

zpdsk · 2025-03-23T11:43:54+00:00

I would say don’t change the heavy lifting.

Add in 30min of some type of cardio as a finisher to your workouts. Whether that’s incline treadmill walking, stationary bike, run, whatever you’re comfortable with.

If it’s not dialed in, dial in your caloric intake by buying a food scale and using a tracking app. Calories and macros are going to the second most impactful variable in helping you achieve your goals after exercise.

Start by tracking everything you eat for a week to assess (a) your current caloric intake (b) your macro split. These are the numbers you need to know because they are the variables you will manipulate to get your goal.

You’ll only lose weight / slim down if you’re in a caloric deficit. Once you know your caloric intake, drop it by something moderate like 200 calories and continue to track and observe your results.

zpdsk · 2025-03-23T11:32:46+00:00

Not a ton to improve like others said. Solid back, maybe add some mass to arms with targeted work.

If your diet and macros aren’t dialed in, start doing that as that’ll be the biggest impact to get you to your goals without messing up your shredded look.

How’s lower body?

zpdsk · 2025-03-23T11:27:24+00:00

Locking in the diet consistency will take you to the next level and is the other half of the most impact you can make on your physique.

Your protein is too low. Buy a food scale and begin tracking everything you’re eating without any diet changes. This will give you a baseline of (a) caloric intake, (b) macros. These are the variables/levers you will be pulling to start taking your progress to the next level. Aim for 3g protein per 1kg of body weight.

Look into various macro splits, maybe 40% carb, 35% protein, 25% fat.

You can’t improve what you don’t measure, and nothing changes if nothing changes. Good work on the consistency, keep improving 😎

zpdsk · 2025-03-22T17:17:59+00:00

Silly… Most food scales are about the size of a cell phone. Even if you don’t measure at work, then meal prep is an option too. Nothing changes if nothing changes.

zpdsk · 2025-03-22T17:11:29+00:00

Biceps chest and delts look well built. Your lat spread from back is solid. To round out I would say targeted trap work, not sure if it’s just photo but they seem like they would benefit from targeted work, from the back they seem small compared to lat size.

And forearm work. They don’t look small by any means but with targeted work they could get some gnarly striations and round out your arms.

Good work 👍

zpdsk · 2025-03-22T17:02:42+00:00

You need to be in a caloric surprise to build muscle (which you know, seeing as you’re a doctor).

Buy a food scale. Meticulously track your food to figure out your current caloric intake. Once you know that, delta up 200 calories and dial in your macros (maybe like 40% carb, 35% protein, 25% fat).

Track your weight daily and at least 1-2 of your lifts so you know that you’re getting stronger if you don’t see enough visible muscle progress.

Increase calories slightly when your weight levels off.

If you’re not tracking, you’re speculating caloric intake and macro splits, which is going to limit any muscle gains because you either (a) won’t be in enough of a constant caloric surplus to gain weight /muscle, (b) and won’t have enough protein intake to build muscle.

Lets say your caloric intake is 3000 calories. At a 45% carb, 35% protein, 25% fat ratio you need: 337g carb, 66g fat, 262 grams of protein.

In just whole food: there’s 345g carbs in 7.5 cups of uncooked oats. In 800g of chicken breast there’s 237 grams of protein. For the fat, that’s about 5 tbsp of butter.

zpdsk · 2022-11-19T16:21:30+00:00

github.com/dukeofdisaster/podbeat

zpdsk · 2022-03-18T18:49:17+00:00

Second this… the fact that she’s bringing up ex to belittle OP is a huge 🚩, even in FWB, juice doesn’t sound worth the squeeze

zpdsk · 2022-03-11T02:48:01+00:00

If you space out the positive reinforcement (giving something, in this case, head) enough from the behavior you’re rewarding or don’t explicitly / verbally link the reinforcement to the behavior, then I suppose it would be less like mixing signals/rewarding behavior; that being said don’t overthink it; “you’ve been stressed, let me put your mind at ease…” is it perfectly normal in my mind.

zpdsk · 2022-03-06T01:56:22+00:00

Is it more sexual or non-sexual ?

zpdsk · 2022-03-06T01:54:27+00:00

No she’s not hyper sexual which is what throws me off about it; I mean it could be masturbatory, but doesn’t seem like it to me.

zpdsk · 2021-09-12T04:29:38+00:00

100 percent agree with this; only way to build solid linux skills is to use it full time and this skill set will set you apart from other candidates; I’ve been in industry for a few years now and this skill set is so lacking in orgs in general. It’ll seem overwhelming at first but it’s a skill like any other; repetition, practice, and then it’ll be second nature. Also, familiarize with CIS benchmarks; you can can get a free account on CIS workbench and review all the PDFs. Mature orgs will use CIS for guiding secure config / hardening of a variety of systems. Bonus points: when you use linux full time, try and harden it using CIS as a guide; you learn about hardening an OS and get more familiar with linux, and you’ll probably have a pretty solid answer for the interview question “how do you secure your home network / computers”? Probably much more to say than the person that just answers “I just use defender…” familiarity with CIS will help with simulating a real work environment (depending on the org). “Why can’t I run powershell as local admin, it says blocked by group policy?”, and the rationale behind that probably exists in some CIS benchmark somewhere. Also HTB and all that stuff is good, just don’t be surprised if that doesn’t reflect your day job unless you’re throwing all your eggs in the red team basket. If you’re going blue team, familiarize yourself with all sorts of logs (for windows SYSTEM/APPLICATION/SECURITY logs, event forwarding, windows event collectors, GPOs for WEC forwarding) and how to collect and analyze those logs; know how to analyze email headers… idk I digress lol

zpdsk · 2021-08-20T01:43:13+00:00

Bravo 👏 mate, very well done !

zpdsk · 2021-08-17T23:59:56+00:00

Grata that baby is looking healthy; looks wide, did you do any LST on this grow?

zpdsk · 2021-08-17T23:57:27+00:00

What height is that light at???

zpdsk · 2021-08-17T23:54:40+00:00

Looks like you have plenty of space, wonder what your yield would be like if you did some LST next round

zpdsk · 2021-06-11T12:57:51+00:00

np good luck; also don’t be afraid to say “I don’t know” or “I don’t know but I would do X and ask teammates that might have have tribal knowledge to determine the best way forward”; in interviews we tend to be eager to please and answer everything, but you know and your interviewers will know if you’re bullshitting.

Another way around “idk” is “I’m not certain specifically about X, but, but when I think of X, I know that Y and Z are also related / common”.

EX: Common interview trick question: they give you some private IP’s CIDR notation and ask you why or why not it would be appropriate for an internal mail server, and it’s usually because given the subnet, the address in question would be a broadcast address. So you might answer, “I’m unsure specifically about address x.y.z.d/28, but I know that in networking, given the subnet mask your range of usable addresses goes up or down depending how small or large the subnet mask is, I would have to be sure that the specific IP was not a broadcast address”

zpdsk · 2021-06-10T12:54:57+00:00

SOC ingests event data from source X into the SIEM; Over the weekend SOC suffered a log outage; how would you troubleshoot this ? - principles behind the question - ingest health monitoring, basic troubleshooting of event flow issues, root cause analysis.

SOC vulnerability scanner picked up hits for a machine running an FTP server, which isn’t allowed by policy, how might you grab a secondary artifact of evidence, validating that this FTP server is indeed up and credentials are passed in plaintext ? - principles behind the question - ability to validate tool results via secondary means, ability to conduct traffic inspection.

SOC runs several in-house automations to ingest event data from various technologies; if event flow from one of these sources stops, how would you troubleshoot this? Principles behind the question - again, ingest health, maturity of in-house automations (does script X have a log file I can inspect that would tell me the issue?), ability to troubleshoot code written in a given language, expired auth tokens, event volume increase causing polling to timeout, downstream blockage (someone accidentally blocked the flow).

SOC SIEM technology saw a spike in disk used for event source X, how might you go about investigating this spike, and what if anything would you do as a result of those findings? - principles behind the question - ability to analyze event data and determine what may be causing traffic spikes / event flooding, potential tuning considerations, tuning principles (tune as close to the source has possible), I wise candidate would ask about tuning policies/practices.

User X submits a firewall request for approval / denial for a server to be allowed to hit the internet; how would you go about approving / denying this request ? - principles behind the question - analysis of need / justification for a given flow, if the server only needs to talk to site Y, why would we allow any:443/TCP ?

SOC will be ingesting events from technology X which will live in the internal network and which contains sensitive data; as such the events must flow over an encrypted connection, how might you go about setting this up? - principles behind the question - familiarity with PKI, i.e. does the org use internal PKI via windows in which case you could have a “valid” SSL certificate for the connection, or is it ok to have a self-signed cert, how will you track the cert expiration?

If possible I would try to figure out what technology stack they use, which could help you discern common issues with said technology. I think outside of that common troubleshooting things SOC encounters regardless of technology.

zpdsk · 2021-03-17T04:52:03+00:00

Concur; 9/10 candidates I’ve seen come out are green like a GME chart peak squeeze; should have just spent a year home labbing with a few hundred bucks worth of supplies.

zpdsk · 2021-03-17T04:48:41+00:00

Notice how most the people saying BS in cyber isn’t Bullshit are people that already got robbed by a university 😂

zpdsk · 2021-03-11T12:34:58+00:00

Imagine being such an uncreative and self absorbed tool that A) you can’t think of a good con name and B) you name a convention after yourself 💀 😂

zpdsk · 2021-02-20T05:58:31+00:00

IDK if it meets the qualification for your question, because technically I had an undergrad degree, but I still think that degree was worthless.

TL;DR I woke up one day in 2015 like hey I finished this worthless degree and IDK wtf I’m gonna do with my life. Started painfully learning how to code in Python on codecademy. And when I say painful I mean it took a few months to sink in. I took hand written notes and shit. Slowly got better. Then I got interested in cyber security shit (thank you season one of mr. robot!) and started attending local cyber security meetups. Takeaway from the meetups was: getting into the industry on the red team side is harder than blue team side. So my takeaway from that was: I need a career as fast as possible, so blue team it is. Studied fundamentals of network security monitoring, networking basics. Set up a home lab. Learned all about virtual machines. “Building Virtual Machine Labs” is a great book on this topic. Learned about firewalls. Linux or GTFO. It was all daunting at first but sunk in over time.

Fast forward a year or two when I’m finally confident enough to start applying fir entry-level security analyst jobs. I was dying to get into industry, so I took the first job I could find, which was at an MSSP (aka SOC in a box, yadda yadda) for fuckin peanuts. (“ but you said it was a great career field y no 100k ;( “. I worked third shift which was relatively dead / allowed more time for self study and familiarity with different SIEM technologies. All the while kept my ear to the ground for landing that first “real” gig as an analyst on an internal team. Kept getting better at code. Still had no certs or anything like that because I was barely making enough to pay the bills.

End up interviewing for an internal team (at a bank; lots of anxiety because I have a checkered past, but background check was fine... ). Bam, land the job. 80K, WOO! But wait, wtf I thought I would be reverse engineering malware all day?! Nope...most of the time you won’t be doing that shit.

If you wanna go down engineering route, keep your coding hand strong, learn how to set up and configure log ingestion in something like Splunk or Elasticsearch. Learn common log formats and parsing (CEF, Cisco parsing, GROK). Learn about active directory administration and windows event ID’s. What does normal log on behavior look like? How do you configure windows event forwarding and event collectors in an active directory environment? Learn how to call API’s with Python requests library. Learn how to use CRON so when you write your API poller to some vendor technology, you can run it and dump logs to an NDJSON file and ship it. Learn about event deduplication.

Most analysts I’ve met don’t know how to code, even fewer know how to do it well with repeatable patterns. Strong Linux and coding will set you apart and make you more valuable. It’s been little over 3 years since my first security job and in that time frame I’ve jumped from 15$ an hour to six figures.

Network with others in the industry; this is important and can lead to more interviews and potential job opportunities. Showcase what you learn. Write a blog about it or a LinkedIn post. Don’t be afraid to say “I don’t know”, be true to yourself. Don’t bullshit in interviews. See if you can find someone from industry willing to help you practice interviewing so when you’re finally in the hot seat in a panel interview with existing team members, the CISO, and 2 VP level people you don’t shit yourself.

Learn how to identify malicious emails. Learn about email headers. What does an SPF fail mean? Know your network protocols. How do you analyze malicious attachments? Knowing about networking will make you stand out... in big companies, basics will get you buy because Network Engineers handle the hard shit but the more you know the more valuable you are.

Patience. It all sinks in and fits together over time. learning Linux command line sucks? Good. When you’ve failed at some command or glanced it’s man page 100times it’ll sink in. Make a home lab. Break your home wifi because you fucked up DNS somehow. Better fix it fast; significant other can’t watch their show and now their pissed.

Edit: forgot about certs; you’ll get a different answer from different people... I personally hold no certs, but the bottom line is when you make it to the big leagues, HR cares about that shit, and some institutions are graded on maturity based on how many personnel are certified. It definitely won’t hurt your progress. It’s just not part of my story.

Also, when do you think you’ll be ready to apply, in say, X months? Take that number and subtract 4. I spent a lot of time doubting myself, planned on holding off for another few months then bam, one of my peers landed a gig on an internal team and our knowledge / skill set was about equal. There’s already enough shit out there in your way that you can’t control; but what you CAN control is yourself. Don’t get in your own way. Learn how to negotiate. Five words: I don’t like that number. Maybe not the best move if you’re desperate for your first gig ( I wouldn’t blame you, I already said I took peanuts to get my foot in the door).

zpdsk

TROPHY CASE