This is an interesting conversation and thanks for the serious replies. I got a laugh out of all you security folks who signed up to break poo poo. Good fun. And I suppose it makes sense that the general “I like to solve puzzles” mindset of IT nerds applies here as well. And to you folks who recognize IT as being a force multiplier and SecOps as being most effective when integrated into the greater whole and recognizing that it is in everyone’s best interest to work towards the common goal of enabling the org to make money faster, better, efficiently, etc.
# Jan 15, 2023 03:34

Arquinsiel posted: Nah, the sheepdog analogy comes from farming, where you are a big slightly-less-dumb animal that does what it's told by the people who actually know what the goal of the organisation is.

I also have a low opinion of many people with a CISSP because I've met enough who think it means they know everything. But I brought that up to say that the security industry is aware of this problem - I'm not just pulling it out of my rear end. But no, security shouldn't think of themselves as the police of the organization and "slightly less dumb" than the users. That's a terrible approach doomed to failure.
# Jan 15, 2023 04:24

I'm pretty sure I got my job because the mission statement I proposed was:

1. Give the people who actually make us money the tools they need to do so
2. Make sure our poo poo doesn't get stolen or vanish into the ether

That's it. That's a successful IT department where IT isn't the product. My best security guy (and best friend for a couple decades) is in it because he likes to break stuff, runs his home automation off Raspberry Pis, and does bird photography as a hobby. YMMV.
# Jan 15, 2023 06:40

Remember that client who was telling his users not to bother logging tickets, just come and see me directly? Turns out, when he left, his parting shot was to give his replacement my personal phone number and tell him to call if he needs after-hours support. Yeah, guess who got a call at 10pm last night for an AD account lockout.
# Jan 16, 2023 05:22

Bargearse posted: Remember that client who was telling his users not to bother logging tickets, just come and see me directly? Turns out, when he left, his parting shot was to give his replacement my personal phone number and tell him to call if he needs after hours support.

Send him a bill.
# Jan 16, 2023 05:31

Rick posted: Send him a bomb.
# Jan 16, 2023 05:42

I still can’t figure out how he got my personal mobile number, I never give it out to anyone, especially not clients with a history of ignoring process. There’s no way that genie’s going back in the bottle, I’ll just bill him the after-hours ad-hoc rate, submit a timesheet to payroll and be done with it.
# Jan 16, 2023 06:02

I would have flat out asked how he got that number and explained that it's my personal number and shouldn't have been shared. If they continue to use it, explain again that they should not expect that number will be answered, as it is not the proper channel and then block them.
# Jan 16, 2023 06:13

It's OK to fire clients like that.
# Jan 16, 2023 06:22

KillHour posted: I would have flat out asked how he got that number and explained that it's my personal number and shouldn't have been shared. If they continue to use it, explain again that they should not expect that number will be answered, as it is not the proper channel and then block them.

Agreed, I’ll have that conversation next time I’m on site. He’s pretty reasonable when you’re dealing with him in person, one on one, but of course I’ll be sending the customary “as per our discussion” email, and if it happens again I get our account manager involved and block him.
# Jan 16, 2023 06:56

CommieGIR posted: As an infosec guy: This is a huge problem. Being the department of no and failing to build relationships and solve problems for your customers is how you kill security teams.

Holy poo poo this. I've just moved over to a security team in our org and our entire focus is on building a security engineering mindset and proactively working with teams instead of acting as gatekeepers. The results have been phenomenal. If you just no people you end up with clandestine workarounds and those are about 1000% more likely to be actually utilized in a breach because the instructions are typically plainly spelled out in some self-hosted team documentation in a no-auth environment somewhere.
# Jan 16, 2023 11:17

KillHour posted: I also have a low opinion of many people with a CISSP because I've met enough who think it means they know everything. But I brought that up to say that the security industry is aware of this problem - I'm not just pulling it out of my rear end.
# Jan 16, 2023 15:29

Arquinsiel posted: The field as a whole has a huge distortion caused by the amount of former US servicepeople joining it with skills gained in service, and the verbiage in job postings tends to include words like "enforcement".

This is such a huge problem, especially in physical security. You have no idea how many idiot ex-cops and military I've had to deal with and listen to their stupid ideas. No, painting "security" on the side of your loving maintenance vehicles is not a deterrent, you dipshit.
# Jan 16, 2023 17:24

Paladine_PSoT posted: Holy poo poo this. Ive just moved over to a security team in our org and our entire focus is on building a security engineering mindset and proactively working with teams instead of acting as gatekeepers. The results have been phenomenal. If you just no people you end up with clandestine workarounds and those are about 1000% more likely to be actually utilized in a breach because the instructions are typically plainly spelled out in some self-hosted team documentation in a no-auth environment somewhere

It's amazing how people suddenly want to talk to you when they know you won't just shut them down but will help them figure out how to get what they need done. It's also a good way to find out about the clandestine stuff that shouldn't have been done because suddenly those same people are telling you about the jury-rigged stuff people left behind that they've run into.
# Jan 16, 2023 17:54

KillHour posted: This is such a huge problem, especially in physical security. You have no idea how many idiot ex cops and military I've had to deal with and listen to their stupid ideas.
# Jan 16, 2023 18:38

Arquinsiel posted: There's an entire genre on Irish social media based around the reaction of Eastern European former conscripts working as bouncers or retail security and reacting in a completely understandable way to some random shitfaced Dublin lad deciding to throw a swing after being refused entry. They're just rather obviously over-trained for what they're doing and there's no call for those skills anywhere else.

I don't mean guards, I mean overpaid "consultants" who think that planning a recon mission one time in Iraq is exactly like designing a long-term safety and security practice for an industrial campus and also think that they're the only ones who know anything because "you weren't in the Marines, were you? Did you see action? I didn't think so."
# Jan 16, 2023 20:40

We don't really get those in Ireland for obvious reasons, and the one time we did I can't talk about for NDA reasons. Might run across them now that I've moved to London though, and that'll be one hell of an interesting conversation to have.
# Jan 16, 2023 21:17

Silly Newbie posted: I'm pretty sure I got my job because the mission statement I proposed was

That's my IT department in a nutshell. It's great, even if some of the users are the kind of people whom no quantity of remedial training will stop from aggressively clicking on every link in every email they see. I have yet to convince the boss to let us put up a wall of shame for remediation ticket totals.

KillHour posted: I don't mean guards, I mean overpaid "consultants" who think that planning a recon mission one time in Iraq is exactly like designing a long-term safety and security practice for an industrial campus and also think that they're the only ones who know anything because "you weren't in the Marines, were you? Did you see action? I didn't think so."

"No sir, I stopped eating crayons by the time I was five."
# Jan 17, 2023 05:24

CommieGIR posted: Its amazing how people suddenly want to talk to you when they know you won't just shut them down but will help them figure out how to get what they need done.

Engineers are surprisingly straightforward people, and if they've developed a workaround for "the right way", it's because the effort and time put into building and maintaining that workaround was less than the effort of dealing with the bullshit "the right way" comes with. Firstly, you have to close the hole that workaround is utilizing, but if your solution doesn't come with "and make the cost of the right way lower", you're just inviting the problem back, and your engineers are now more annoyed and less likely to consider security a priority, but more likely a nuisance.
# Jan 17, 2023 05:57

My boss: complains about having too many meetings with no purpose, talks about skipping dumb meetings in his youth. Also my boss: tells me not to bother with meeting agendas since "no one reads them", constantly suggests pulling meetings together to talk about simple stuff. Do we all just age into becoming the people that annoy us the most? Am I having a Grandpa Simpson "it'll happen to youuu!" moment?
# Jan 17, 2023 19:41

I'm a Virtual Reality developer and there's a VR headset that my company is very interested in using because of its unique features. We bought one and I've been tasked to test it and figure out its limits. The unique features are locked behind a license as it's aimed towards professional users. No problem, I contact our vendor to purchase one. They tell me that due to popular demand, the manufacturer is only accommodating companies with 50+ headsets. I said (kindly) that that's bullshit and who the hell would spend 50K on headsets without testing it out on a much smaller scale. We ask if they can push our case with the manufacturer, while mentioning that we do have some industry leading partners who we're working with, just to kinda get the ball rolling. So they introduce us by e-mail to the manufacturer's regional sales and we explained our situation. A week later we still haven't heard back from them so I sent a quick follow-up to our vendor. They tell us the manufacturer only has ONE employee worldwide tasked with handling the licenses and supporting clients. Keep in mind these paywalled features are practically the cornerstone of their B2B marketing for these headsets, and they are actively still adding new features and updates to it. And they are one of the top 3 players for VR headsets, not some random start-up.
# Jan 18, 2023 15:09

Sounds like you've got your answer, you shouldn't work with them.
# Jan 18, 2023 15:12

Yeah, that'll hopefully be our conclusion at the end of our trial period. If only the competitors could get off their rear end and actually implement device fleet management and shared headset tracking features. Honestly, don't ever work with VR headsets.
# Jan 18, 2023 15:47

Fragrag posted: Yeah, that'll hopefully be our conclusion at the end of our trial period.

It's a different type/class of device but you can do most of these requirements with HoloLens 2, managed over Intune so quite easy even for small deployments.
# Jan 18, 2023 16:28

Fragrag posted: I'm a Virtual Reality developer and there's a VR headset that my company is very interested in using because of its unique features. We bought one and I've been tasked to test it and figure out its limits.

does this company's name rhyme with tragic beep
# Jan 18, 2023 16:40

Weedle posted: does this company's name rhyme with tragic beep

No, it's HTC. I don't even know why I was being so coy with the name, the XR/VR world is small sure but sometimes you just need to call a spade a spade.

SlowBloke posted: It's a different type/class of device but you can do most of these requirements with hololens 2, managed over intune so quite easy even for small deployments.

Sounds interesting, unfortunately we develop full immersion experiences, so no focus on Augmented Reality. A friend of mine started using ArborXR recently and that's apparently a pretty good platform-agnostic fleet management system for XR devices.
# Jan 18, 2023 17:13

Good to see HTC have taken their experience in crashing their Android smartphone business into the ground and applied it to other product lines.
# Jan 18, 2023 17:52

Both surprised and not surprised it's HTC. What dev group would have 50 headsets? Most dev groups might have like 10 or 20 max, even AAA shops.
# Jan 18, 2023 17:59

my org needs more security people with IaC experience, I am getting very frustrated right now
# Jan 18, 2023 18:24

The Fool posted: my org needs more security people with iac experience, I am getting very frustrated right now

I'm pretty sure if you put both CISSP and Terraform on your resume, the HR spreadsheet that tries to calculate salary requirements has an overflow error.
# Jan 18, 2023 18:56

Day 2 of 4 with the right wing paranoiac OSHA trainer today. Gonna wind her up to make the time pass faster.
# Jan 18, 2023 19:28

tactlessbastard posted: Day 2 of 4 with the right wing paranoiac OSHA trainer today. Gonna wind her up to make the time pass faster.

Ask her how she feels about the government interfering with the efficiency of the free market by making sure you don't die on the job.
# Jan 18, 2023 19:33

But note that once her head starts spinning at rates approaching c, relativistic effects will make time pass even slower.
# Jan 18, 2023 19:36

tactlessbastard posted: Day 2 of 4 with the right wing paranoiac OSHA trainer today. Gonna wind her up to make the time pass faster.

Derailing a horrible instructor in a horrible classroom is a time-honored tradition. Fly high, fly free, my friend! I took a three day course in telecommunications offered by two turbo nerds who thought vomiting acronyms for eight hours a day was good instruction. Class was so bad that by four hours into the first day the entire class had pulled out their laptops and were doing their day jobs. The capstone was that these two knuckleheads had an exit exam to check absorption but they neglected to host a pre-learn exam as a baseline. So taking an exit exam to test for retention was pointless. Thing was, you could take the exit exam as often as you wanted and my manager says that 100% of the class failed the exit exam with a median score of 35%. Then someone passed the test with a score of 71% and leaked the answers so a solid majority of the cohort of 45 people also passed with a score of 71%. It’s the funniest, most skewed, obviously broken exam data set I’ve ever seen. And we are all certified in telecommunications architecture now. Weeeeeeee!

Agrikk fucked around with this message at 19:43 on Jan 18, 2023
# Jan 18, 2023 19:40

KillHour posted: I'm pretty sure if you put both CISSP and Terraform on your resume, the HR spreadsheet that tries to calculate salary requirements has an overflow error.
# Jan 18, 2023 21:01

tactlessbastard posted: Day 2 of 4 with the right wing paranoiac OSHA trainer today. Gonna wind her up to make the time pass faster.

"If I hang my wife from the sex swing hook in our bedroom, does she count as a suspended load, as per OSHA 1926.1425?"

"If I'm wearing my hardhat, high vis vest and steel toed boots, are pants also required? If so, are they required to be fully buttoned and zipped?"

Methylethylaldehyde fucked around with this message at 21:25 on Jan 18, 2023
# Jan 18, 2023 21:15

pretend there's fentanyl on the training materials and have a reaction
# Jan 18, 2023 21:18

I just spent half the day troubleshooting instrument output.

10am: "Nothing's been changed." Based on the output I've seen, it's out of alignment or the program was messing up.

4pm: we go through all the output options one by one.

5pm: I tell them again that the only way to see that output is if the instrument program was changed. "Oh yeah, I made some adjustments." ...
# Jan 19, 2023 00:21

I always like bringing up poo poo like we should have steel toe shoes because how smashed our feet would be if we dropped a server or how the noise levels next to racks is probably bad for our hearing.
# Jan 19, 2023 02:41

ghostinmyshell posted: I always like bringing up poo poo like we should have steel toe shoes because how smashed our feet would be if we dropped a server or how the noise levels next to racks is probably bad for our hearing.

You should. PPE is always good. Cintas and Grainger both have bootmobiles that can come to your work place.
# Jan 19, 2023 03:33