Husband, Father, IT Pro, military service.
Don’t assume, ask. Don’t assume questions are statements or accusations.
I’d rather talk about difficult and nuanced topics in personal one-on-one situations over espresso or beer. Such discussion is very difficult in Internet written form.
I believe everyone should be treated with dignity and respect, but that doesn’t mean I agree with everything or everyone.
I have conservative and progressive views. I believe people can be both.
Anyone use open source tools professionally or in your shop? Security Onion, Wazuh, etc?
I have been painstakingly laying the groundwork for segmenting the network into a data center management plane, and future overlay networks for internal applications and DMZ / public services.
It would have been easy to burn the place down and start over…
Ever look at emby?
Office culture nuances… I enjoy them.
DomainCode-SiteCode-Function##
ACME-USCA-WEB01 ACME-GERM-DC02
I worked for a company where the previous IT dorks named the servers after Star Trek ships. It’s cute at home. Had to rename everything and readdress the whole organization.
How far do you guys go?
All of it, or until it’s inconvenient?
What’s the pain tolerance for when everyone says it makes the job too hard?
Ever compared CIS controls to STIG ACAP?
I’ve only ever used SCAP for a few reasons, but one being it’s free.
What do you guys use for STIG audit?
Manual STIG viewer or SCAP?
Makes sense. Thanks. I have heard of R7. Had not heard of Qualys.
Thanks
Good info, thanks.
I am familiar with ACAS, which is why I am testing the products.
Fully capturing all the capabilities of scanning, auditing configuration seems like you could put countless hours into the implementation.
I imagine the ROI is high based on what I’ve seen.
Would you agree?
Thanks. I’ll check into those two.
I know businesses like to skip on spending money for upgrades, but still using 2010 is pretty far out. These just mom and pops that have no idea, or these just businesses that don’t care?
I spent Wednesday tracking down what was transferring too much data. It was domain controllers. The team didn’t figure out why though. I’m waiting in anticipation. I also can’t call people names without knowing/JK
Spent the day/week wondering why part of a network was transferring 100 times the planned data, wondering if data exfil, etc.
Nope, just misconfigured domain controllers. Still waiting on the geniuses on that team to figure something out.
If your DC uses GBs instead of MBs to replicate a mostly static directory, you might have a problem…
Thanks for posting interesting stuff.
I like getting infosec info on an infosec instance :)
If you cross post to two communities on the same instance, we all see double posts.
Maybe we can pick between cybersecurity and security news for articles and the other for discussion?
Nice. You guys allowing the playbooks to configure or just audit?
Can you share any of the baseline that’s not specific to your org/sensitive? What sources are you using as a reference?
Just make sure it’s HBA mode and it’ll be fine. Sometimes called IT mode.
Should we be discouraged or appreciative of the shit show that is the current and near term state of information technology and security?
On one hand, there’s never been more need for doing IT well, more informal computer based warfare, and an enormous plethora of companies trying to innovate or enshitificate security solutions…
On the other hand there’s all that above.
You’d think job security, but still not quite.
I see security people grinding and burning out, not sure if that’s fixable. Maybe if you change from caring to not caring?
Thoughts?