Thanks Ants posted:
> If your work laptop is poo poo slow because of stuff your IT department did to it then just work slower

# ? Mar 16, 2025 21:02

Thanks Ants posted:
> If your work laptop is poo poo slow because of stuff your IT department did to it then just work slower

Words to live by, but when it gets so bad that I can't navigate a Zoom/Teams meeting we have a problem. Mine can get to the point where I can't get to the unmute button or look up references to share. Good times.

Internet Explorer fucked around with this message at 22:08 on Mar 14, 2025

I feel really low-rent with this question, so please point me to a better thread

CMMC... any good resources out there other than dry gov docs? Just want to make sure I'm not missing out on an easier way to approach and digest this. (Just lowly Level 1)

Tapedump posted:
> I feel really low-rent with this question, so please point me to a better thread

As someone who is currently going through CMMC Level 2, don't feel low rent. CMMC is new and scary and a pain in the rear end for anyone who is in an underfunded security program. You're probably not gonna find any CMMC specific guidance because it really doesn't exist yet, the best you could do if you really want more is stuff referencing NIST 800-171 and 800-53, but honestly Level 1 from what I remember is like... fifteen controls and a self assessment so it's not so bad. I believe there's a goon here who is an auditor of some flavor for it, I think.

edit: the best advice from my experience having just completed a mock assessment is over document everything. Everything must be documented, and those documents need documents even if it's self evident, create a giant stack of paper.

Defenestrategy fucked around with this message at 20:30 on Mar 14, 2025

some kinda jackal posted:
> can't execute malware if there's no free cycles

does anyone actually pay for sysdig? and if you have been, do you think you're gonna renew? every single sysdig customer i've talked to has either said "it's awesome but we never use it" or "wiz's sensor is good enough so we're getting rid of it"

Thread title is satire right? Imma bout to drop a lot of budget on Complete + Identity + SIEM

CloFan posted:
> Thread title is satire right? Imma bout to drop a lot of budget on Complete + Identity + SIEM

Did you try to fly or go anywhere and buy anything last July?

CloFan posted:
> Thread title is satire right? Imma bout to drop a lot of budget on Complete + Identity + SIEM

There are a lot of people who like the product and a lot of people who don’t like the product.

CloFan posted:
> Thread title is satire right? Imma bout to drop a lot of budget on Complete + Identity + SIEM

Coming this spring on Fox, Unfrozen Caveman CISO!

I mean it's either that or S1 full stack

Either seem to be streets ahead of what we have now, and cheaper to boot!

Defenestrategy posted:
> We're now doing sprints in my department. On the plus side this has turned into a net -2 meetings per month for me, on the negative side sprints don't make any sense to me having had it explained. In my half of the department I have my own internal projects, pen testing, lab stuff, whatever. I have to field "help desk" style questions and answers for various things like HIDS, NIDS, etc. and then on top of that I get emergency stuff like "An employee needs to be termed" or "an employee is mining crypto and we need to scrub their computer." poo poo.

What you need in this sort of situation is to get your manager to define your allocation to Agile BS and Operational BS. Then you need them to back you up when ops stuff slips so you can meet agile targets and vice versa. The first part is hard, the second part will be harder. If you can't get the management backing formally, start aggressively managing your time. Hand off tickets, push them back as much as SLAs will allow, make your calendar a wall of "gently caress off, I'm busy" events.

CloFan posted:
> Thread title is satire right? Imma bout to drop a lot of budget on Complete + Identity + SIEM

Crowdstrike incident caused several hours of outage where I work, so the company started a review to see if we should replace Falcon. Someone made the call to do PoCs on the top competitors and see which ones wouldn't embarrass themselves in front of our red team, as a start. IDK what exactly happened after that, but we still have Falcon. No doubt there's companies, with either better or worse risk environments than us, where Falcon wouldn't make sense. I imagine there are places that have CMDBs at bedrock, no-compromise app allowlisting, no direct sudo, etc, where they would see Falcon as too much additional risk.