For this first time in my career I’m working at a company with a dedicated Security team and I fully understand now why having SysAdmin experience should be absolutely necessary to be on a CyberSecurity team…

[-]

Euphoric_Eye_2984@reddit

![gif](giphy|fXnRObM8Q0RkOmR5nf) No.

Reply

[-]

I would go to your manager and script kiddy's manager with this. Running random scripts on prod. Wow. If you do end up in a position where you have to run arbitrary stuff from the sec team, get it in writing, preferably in something like a ticket system, and make sure that your concerns with the script are noted.

Reply

[-]

ryanknapper@reddit

In the meeting, insist that the script kiddo explain each command, what it is doing, and what the result would be.

Reply

[-]

_Choose_Goose@reddit

Without letting them reference ChatGPT

Reply

[-]

ChillKyle@reddit

Best experiences asking for help have been the help command in power shell. Update-Help is always the first command I run when needing help.

Reply

[-]

antrov2468@reddit

It’s unfortunate because I use ChatGPT as a tool to write some scripting stuff faster but I have the experience to verify what it’s doing and all that. I got in a couple years ago before AI stuff took off, so I HAD to learn that stuff, now people have such access they won’t bother learning the basics which is why it’s a problem

Reply

[-]

ArcticFlamingoDisco@reddit

This is called job security. If you actually learned and have to compete with folks that don't and can't understand their job, you have a hell of an advantage in the long term. I use ChatGPT or whatever to help complete the boring parts of scripts that are 70-90% done. Or to help with a particular function. Honestly I'd prefer to google, but all of the search engines are insanely terrible compared to 10 years ago.

Reply

[-]

chipsharp0@reddit

I've had this complaint for YEARS about fresh-outs that come in thinking they're going to take over the world, and AI has made it worse. They all know HOW to do something, but they rarely know WHY to do something. They rarely know the implications of the click they make, they're just doing stuff and hoping they trip over success in the process.

Reply

[-]

aes_gcm@reddit

It’s supposed to be a fancy autocomplete, not a replacement for your knowledge.

Reply

[-]

nopeynopeynopey@reddit

I use it as a tool as well. Sometimes it spits out garbage and I have to correct that garbage

Reply

[-]

_Choose_Goose@reddit

And that makes all the difference. Knowing the answer is mostly useless. Understanding the answer and why it’s the answer are the important things.

Reply

[-]

falcopilot@reddit

Shouldn't be an issue- ChatGPT should be blocked unless security and AI policy allows it, yeah? And if you're allowing AI, then we should hope Security has insisted on your own tenant to constrain data leakage. Obviously.

Reply

[-]

AutomaticDiver5896@reddit

Lock AI down like any SaaS: enterprise tenant only, allowlist egress, redact/scan prompts, and log prompts/responses to your SIEM. Use private endpoints and disable training. We’ve used Azure OpenAI and Cloudflare Gateway; DreamFactory helped expose read-only APIs with RBAC so LLM tools never touch prod creds. Enforce SSO, DLP, and a ticketed exception process. Same rule as scripts: no prod changes without change control.

Reply

[-]

1a2b3c4d_1a2b3c4d@reddit

...it would be, at that moment, that the URL for ChatGPT would be temporarily blocked during the meeting... ...the look on their face as they try to search for the answer in the meeting would be priceless...

Reply

[-]

_Choose_Goose@reddit

![gif](giphy|LRVnPYqM8DLag)

Reply

[-]

lemon_tea@reddit

Curl | bash Its just a curl command. Whats wrong?

Reply

[-]

PristineLab1675@reddit

Ryan - I would instead find some of the more obviously malicious or dangerous commands and ask why the security team is trying to get the infra team to do it. That way you get to showcase how dangerous the specific script is, and you get to follow up by telling the security guy that he specifically is not good at his job. Then look at his manager and say “we will be treating requests from security with a high degree of skepticism” and then leave.

Reply

[-]

AtaGlance5@reddit

I push back on anything I'm asked to run. I get DB patches to run straight to Live. And I just push back - we need to test this in Testing. I feel like I'm an ass but I constantly have to be the guy who pushes back. These contractors wanted to run a scheduled task but they didn't want to test it. They wanted to schedule it and just trust it ran fine going forward. And I had to be the bad guy and say noooo we need to test once.

Reply

[-]

Straight-Anywhere332@reddit

Why? Send it back to user and request him to get his team lead to approve it. No point in making yourself to be the "bad guy"

Reply

[-]

trippedonatater@reddit

This is a thing where knowing what your work environment is like makes a huge difference. Last place I worked with an overbearing and not super proficient security team sending it back would have been pointless. Then places where your suggestion would work that I've been in, the people were competent enough to not do this in the first place

Reply

[-]

xintonic@reddit

The amount of people I have interviewed that were straight out of college with Master's Degree in IT or Security that can't tell me a single thing about DNS is wild. Do colleges not teach the foundationals anymore?

Reply

[-]

DontMakeMeDoIt@reddit

What I'm noticing with my college students is a real lack of curiosity and initiative when it comes to self-directed learning. They'll complete assignments and check the boxes, but there's zero exploration beyond that. Nobody's running home labs or setting up game servers for their friend group anymore. It's either the bare minimum effort or straight to ChatGPT. No genuine engagement with the field itself.

Reply

[-]

h1ghb1rd@reddit

Did they ever?

Reply

[-]

shinynugget@reddit

100% agree that having IT experience is a huge plus if not a requirement. Theory is one thing, but experience in practical application is different. You certainly have a good teaching moment being presented to you.

Reply

[-]

2BfromNieRAutomata@reddit

yesterday our security team said to toss all PC's that are not compatible with windows 11 which is like 60% of the machines. "okay you want me to get rid of all the windows 10 machines even though we dont have replacements" "yes" Me and the PM (who was a sys admin) "we are not doing that"

Reply

[-]

Cheomesh@reddit

Did you guys not start planning your equipment replacement months ago?

Reply

[-]

FromageDangereux@reddit

They did, but the budget that would have enabled them to order the new machines was rejected 1.5 year ago, "We have time, we will order them Q1 2025". By dec 2024 they were spamming their manager every 2 days to rubber stamp the budget. The manager, who was interviewing for another company was playing poker in his closed-wall office. He left Q3 2025, didn't approve shit and the CFO took over his duties in the meantime. Seeing the eye-popping budget (3X due to the fact price went up and it was an urgent order now instead of ordering them 1 year ago, with 200 hours of overtime scheduled of sysadmin time to get the migration rolling) he just chose to do nothing.

Reply

[-]

ITSec8675309@reddit

Look at all the money he saved! /s

Reply

[-]

Angelworks42@reddit

That actually sounds worse than the university I work at where it's up to each dept to budget and appropriate funds for new computers. I believe we're down to a couple hundred un-upgradable clients though out of almost 10k.

Reply

[-]

Cheomesh@reddit

Sounds plausible

Reply

[-]

Caleth@reddit

Sounds like he works at my old job or at any of the clients I work for now. We've been pushing and pushing to get this done and now as shit is finally hitting the fan and people are getting the alert emails "Your shit won't work in two weeks" they are starting to wake up. But now stuff is several times more expensive becasue of rush orders, tarrifs, and OT for my guys to put in the man hours.

Reply

[-]

Cheomesh@reddit

I have fortunately never been in a crunch that bad but I fear one day that'll be me somehow, in spite of my best efforts.

Reply

[-]

2BfromNieRAutomata@reddit

im in government contracting. we replace the machines as the funding comes through. Theres not the funding for hundreds of machines to be refreshed at the same time. Not to mention each one needs to be hardened and then approved by security

Reply

[-]

bageloid@reddit

Yeah but like, non-Windows 11 compatible machines are probably 8-9 years old, and the Windows 11 requirements were announced over 4 years ago. >Theres not the funding for hundreds of machines to be refreshed at the same time. It shouldn't be at the same time, it should have been done over a 4 year period.

Reply

[-]

2BfromNieRAutomata@reddit

yes but have you considered that management is inept.

Reply

[-]

oldtkdguy@reddit

We are contractually required to keep certain legacy systems and hardware available and on network. IT gets really really snarky when we say "No, we can't get the XP's off the network. Give us the SUN we asked for"

Reply

[-]

A-New-Creation@reddit

Solaris 2.5.1 ftw lol

Reply

[-]

Cheomesh@reddit

Ah, fair. Though word was down a couple years ago about the TPM thing on Win11.

Reply

[-]

VexingRaven@reddit

60% of your fleet is over 8 years old?

Reply

[-]

glassmanjones@reddit

One company I worked would do hand-me-downs. IT+Engineering -> HR+NearlyEveryoneElse -> Customer Support. Led to me cleaning out the fans on an NVIDIA 1080 TI and 128GB of DDR3 in a dirt old dell workstation customer support machine once.

Reply

[-]

VexingRaven@reddit

That's such an awful way to do business, yikes. Way to make sure everyone knows who the favorites are and make a bad impression with your new hires.

Reply

[-]

glassmanjones@reddit

It wasn't as bad as it sounds, but it sounds awful from what I said above. Anyone could schedule a machine replacement once their box was >5 years old or sooner if your manager agreed it was time(typically >3 years). Buuuuut if there weren't hand-me-downs available, the default build for most departments was a brand spanking new plain desktop that runs MS office. Or you might get a great big tower with a 5 year old GPU that's crazy overpowered for running a ticketing system, because someone else needed 1/2TB of RAM instead of 1/8.

Reply

[-]

2BfromNieRAutomata@reddit

Unfortunately, I’m not the one who makes these decisions.

Reply

[-]

jake04-20@reddit

Just out of curiosity, what is your plan for 10/14 then? I don't think the security team's request is that crazy considering it's not unreasonable to assume that there is a plan in place to replace/otherwise address the machines that don't meet Win 11 compatibility requirements.

Reply

[-]

indigopearl@reddit

not op, but our plan is to... keep using windows 10 and make best efforts to stay safe/upgrade as quickly as we can. people act like "support is ending" is equivalent to hardware is bricked. We still have xp on (some) production lines, it's gonna be ok.

Reply

[-]

SilkBC_12345@reddit

>people act like "support is ending" is equivalent to hardware is bricked. I have experienced that as well. They see "support is ending" and read "Windows 10 will stop working completely at midnight on Oct 14" I am sure there are still some Windows 7 and 8 machines out there somewhere (probably folks who just really don't like change)

Reply

[-]

jake04-20@reddit

I plan to run win 10 at home beyond support but in a businsess setting -- to each their own. I wouldn't do it. At a minimum I would use the work arounds to upgrade to Win11 on unsupported hardware. If it's a spend issue, I would hope you're at least doing your due diligence to explain the potential risks and CYA in writing that leadership is choosing not to upgrade.

Reply

[-]

indigopearl@reddit

obviously, lol... We're not throwing up our hands and just not doing anything. But it's a slow process (that we started 2 years ago). Sometimes you just have to work with whats available.

Reply

[-]

caerleon777@reddit

is it best practice? no. is it compliant? no. but its not like win 10 will suddenly stop working. the sad truth is many companies would rather roll the dice or pay the fines as it'll be cheaper for a while

Reply

[-]

jake04-20@reddit

As long as you explain the risks and CYA I guess. You can still install Win11 on unsupported hardware, I would do that at a minimum.

Reply

[-]

Geno0wl@reddit

> You can still install Win11 on unsupported hardware, I would do that at a minimum. if you do the registry hacks to bypass the need for TPM2 then you are opening yourself up to a whole other type of potential exploit as well though. One that if you get caught up in I bet the cyber insurance companies will point to and then refuse payout. So really what are you gaining?

Reply

[-]

jake04-20@reddit

It's not intended to be a long term solution, you're just buying time. Out of curiosity, what are the exploits that you open yourself up to? Do you just mean the inherent risks of not having secure boot enabled and TPM based bitlocker?

Reply

[-]

caerleon777@reddit

youre potentially losing access to ms security updates down the road...so kind of same bag haha. we cant control if our clients wont spend the money

Reply

[-]

Caleth@reddit

> It's not intended to be a long term solution, you're just buying time. Nothing more permanent than a temporary solution. As soon as the bean counters and upper management hear "We've fixed it for now but need to have a real solution quick." They tune out at "we fixed it." Now their CAPEX and OPEX are in the clear and quarterlies are saved so bonus city here we come! Then in six months when someone is begging them to fix the problem for real they'll ask what the hell do you mean? WE fixed that months ago. Or better yet they're will be a breach something will go sideways fast and now it's a massive shitshow all round with everyone playing shitty musical chairs.

Reply

[-]

Geno0wl@reddit

It is kind of an unknown really. But the bigger problem is if something does get out...you have zero proper defense. Like say in may 2026 some bad exploit starts going around effecting Windows 10 machines. Microsoft has stated that if you pay you can still get some security updates. So push to shove you can pony up and protect your systems. if in April 2026 an exploit gets out that effects Windows 11 machines WITHOUT TPM...what then? Microsoft is highly unlikely to rush to even try to fix it. You are just kinda screwed since the solution is new hardware and not software.

Reply

[-]

BeanBagKing@reddit

I can't think of a way for that April exploit to happen in the way that you mean. When you install Windows 11 on a TPM-less machine, you aren't getting a different operating system. Both a TPM machine and a non-TPM machine will be vulnerable to the same things. The difference is that the non-TPM machine can't use cryptographic features like Windows Hello and local disk encryption. This can be bad for other reasons, especially for something like a laptop that might get stolen. However, that's not an exploit in the traditional sense.* ** What -could- happen is that there could be a vulnerability discovered in the way windows handles authentication that systems using Windows Hello aren't vulnerable to. The thing in this scenario though is that the lack of TPM is just a byproduct, it means that your system cannot enable Windows Hello to prevent that attack until a patch comes out. It also mean that systems with a TPM, but that aren't using Windows Hello, are also vulnerable. Either way, a patch will get issued as usual and depending on the severity of the vuln and it's current abuse. Unless it's super bad, they don't out of band patch, so I wouldn't say "rush" to fix it, but neither will they drag their feet because it affects non-Windows Hello people more. It would be patched on the next patch Tuesday with everything else. *Unless you're getting really nitpicky and calling physical removal of the hard drive an "exploit", I don't think you or anyone else is trying to do that though. ** And if you're already using Windows 10 without a TPM, you don't have those features anyway. So you're going from an unpatched and unsupported OS without a TPM to at least a patched and supported OS without a TPM. Yes, upgrading the hardware *** is the better answer, but it doesn't always happen. *** Also, how old are ya'll machines? TPMs have been part of the processor since like Skylake IIRC, 2016. That's a 10 year old system. Give those poor office drones some new gear!

Reply

[-]

jake04-20@reddit

I get where you're going, but still lots of what ifs. There could also be a zero day for win 10 that bad actors are waiting for mainstream support to end before unleashing in the wild. I guess the point being, if your windows 10 machine is incompatible with win 11, i.e. secure boot, TPM or some other requirement is missing, at least when you upgrade to windows 11 on the unsupported hardware you're receiving security updates after the fact. If the lack of secure boot and TPM is the attack vector, then aren't your windows 10 devices likely susceptible regardless of ESU (extended security updates)?

Reply

[-]

PristineLab1675@reddit

The international regulations regarding cyber are definitely in favor of the customer. Unless the underwriters can prove the client fraudulently covered up and lied about specific findings, the UW almost always has to pay. So when they don’t, it makes headlines. If you say “we have mfa on everything”, there is a built in understanding that “everything” is everything the CISO is aware of and there is a potential for new applications to be stood up as shadow IT, the user pays with a corporate CC and never tells IT they need to onboard some quickbooks clone. I hate insurance but cyber is really customer friendly.

Reply

[-]

Jirkajua@reddit

Pay for Extended Security Updates and replace them in the next 3 years probably

Reply

[-]

Frothyleet@reddit

They're available through CSP now!

Reply

[-]

2BfromNieRAutomata@reddit

replace them as refreshes come in.

Reply

[-]

mineral_minion@reddit

refreshes?

Reply

[-]

2BfromNieRAutomata@reddit

new pc's

Reply

[-]

mineral_minion@reddit

I know, I'm pretending I don't know what they are because my company doesn't believe in them.

Reply

[-]

fatcakesabz@reddit

In the process of moving our headless workstations to VDI, won’t even have started at the point win 10 is EoL as we are just coming to the end of planning stage. we have 15% of that estate on non-compliant hardware. If we didn’t have a plan in place I would refuse to do this but, as I know these machines will be ewaste in less than 6 months we are just applying the reg hack and upgrading to win 11 anyway.

Reply

[-]

glassmanjones@reddit

SysSec: WE HAVE TO REMOVE WIN7! HAFTA! NO EXCEPTIONS(mid Win10 rollout) Me: What about Windows XP & 2K3? SysSec: we're not doing that one right now, just Win7 Me: What about Win2K? SysSec: we're not doing that one right now, just Win7 Me: What about NT4? SysSec: we're not doing that one right now, just Win7 CTO: Hold up. We have NT4? Me: we...have all of those running in different sites around the world. I'm not saying we should. We've never finished any of these migrations, we never have. At this point it's a farce to run around screaming with our heads cut off about any of them. I'm saying at some point we do need to manage this situation. Many of these robots cost more than our salaries - management aint replacing them. Some of them are older than SysSec.

Reply

[-]

RikiWardOG@reddit

lmao - just like that... because they just found out it was going to be EOL like they're years late to the planning party. jfc

Reply

[-]

2BfromNieRAutomata@reddit

i dont want to tell them about how there are half a million dollar appliances engineers use that are on XP

Reply

[-]

Real_Boysenberry_149@reddit

Dude, I dont get the Onlyfans hype. Why arent people just on Sylchat? Its live, direct, way more bang for your buck. After Sylchat, everything else feels like ass.

Reply

[-]

unethicalposter@reddit

I'm an ass I'd run it and when all the shit hit the fan id just say security told me to run it go talk to them

Reply

[-]

the_marque@reddit

This would also be failing at your job, though. Your job is not to click the buttons other teams ask you to click, it's to deliver the appropriate technical outcome. Now if your security team have screamed until they got hod access to everything and subsequently messed up your environment... different story :)

Reply

[-]

silentstorm2008@reddit

Yea, I hate when they say Comptia Sec+ (or whatever its called now) is *entry level* without any context. It security entry level, not networking or general IT principles entry level, you need knowledge and XP before

Reply

[-]

GullibleDetective@reddit

Colleges are happy to take your money, enrolling kids straight out of highschool

Reply

[-]

Klutzy_Scheme_9871@reddit

Kids don’t like college. Welcome YouTube influencers and boot camp to 500k in 2 years. No no don’t worry. You’ll go from zero to 6 figures in 10 weeks.

Reply

[-]

GullibleDetective@reddit

And have 100 Lamborghinis in your Lamborghini account

Reply

[-]

Nossa30@reddit

The only way an 18 year can get a loan for $100K is via college. Any other reason and you get laughed out the door.

Reply

[-]

GullibleDetective@reddit

Robertson, CDI, and <insert other diploma mill> are more than happy to take your money and give you nothing in return

Reply

[-]

Nossa30@reddit

And the best part? The diploma mills got you by the balls till the day you either die or pay off the loans. Bankruptcy can't save you. 22yr old with 100K loan and no job. Almost sounds like a racket. Like this was all part of the plan.

Reply

[-]

Klutzy_Scheme_9871@reddit

Almost? It IS a racket. Just mobsters operating legally that’s all.

Reply

[-]

TheDawiWhisperer@reddit

You could replace almost the entire security team at my place with an automated nessus scan and lose absolutely no value whatsoever. Good security people are as rare as rocking horse shit and infra experience is crucial to actually understanding what they're asking for

Reply

[-]

shackledtodesk@reddit

I’m stealing “rare as rocking horse shit.” Our security team is so bad that they can’t seem to figure out how to run Nessus against the whole fleet and we get these tickets where some random subset of machines have a vuln and I’m like “you missed the other 1200 machines with the EOL OS running on them, and here’s the two year old epic where we’ve spec’ed finally getting on something from this decade but have been blocked by the execs.” Ticket closed as duplicate.

Reply

[-]

fuckedfinance@reddit

>Good security people are as rare as rocking horse shit and infra experience is crucial to actually understanding what they're asking for People with infrastructure and security experience are not rare. Many companies just don't want to pay for that kind of experience. My company has an awesome security team. Always on top of shit, don't bug you repeatedly if you've already delivered some kind of mitigation plan, etc.

Reply

[-]

TaiGlobal@reddit

They are much rarer than you think. We’ve had shit luck hiring a senior security engineer (pay, years of experience, and not remote) you wont find much top talent and the talent you do find won’t stay long until they get a better offer or a remote position.

Reply

[-]

Klutzy_Scheme_9871@reddit

I’m one of those rare ones that can’t get a job anymore because these kids put me out of a job. Their masters realized they could get away with paying less so they accepted the risk that it’s only a matter of time before they get ransomwared and let their insurance change their diapers.

Reply

[-]

flecom@reddit

> pay, years of experience, and not remote >you wont find much top talent duh

Reply

[-]

StellarJayZ@reddit

Then maybe you should make it remote, because no one wants to have to smell your breath, homie.

Reply

[-]

surloc_dalnor@reddit

Right I've had interviewers point out that they couldn't possibly pay me that much because I only have 2-3 years of "actual security experience". Completely refusing to count my extensive Admin and Dev experience. Yet they definitely want people with networking expertise and programming experience. Meanwhile I can make a lot more as an SRE. Ironically the ops and SRE positions definitely count my security experience. The common issue I see is they aren't willing to pay rates that these folks would make in other roles.

Reply

[-]

RikiWardOG@reddit

I mean sure there are some out there. The reason they don't want to pay for it is because there's not a lot of them out there. Making them more valuable then what they can afford. There's absolutely a lack of qualified SecOps people.

Reply

[-]

t00sl0w@reddit

Im pretty sure every single person on ours came from IT project management. They're all really good at listing things in email but absolute trash at understanding security or admin stuff.

Reply

[-]

Bradddtheimpaler@reddit

That would explain why project management has become so attractive to me lol. You mean I just collect status reports and wrangle people in meeting for a few months, do nothing, and then collect a bunch of credit for a successful project at the end? Sign me up.

Reply

[-]

rimjob_steve@reddit

And a lot of the times get paid more than the CIs on the project.

Reply

[-]

ErikTheEngineer@reddit

You're also fully responsible for the success of the project, using team members you have no direct control over, who do work you can't do yourself or just assign to another person. It may look like an easy job doing scrums and meetings and all that...but there's a HUGE difference between good and useless PMs. The good ones are drill instructor organized, and can read back exactly what was uttered by whom, during Minute 11 of Status Meeting 19 last month, and what that utterance conveyed as a promise which is now not being fulfilled.

Reply

[-]

intorio@reddit

That works fine for projects where you are doing something you've done many times before where the scope and what needs to be done is very fleshed out. When doing a new project that significantly changes or adds to your current environment, it can be really annoying when a PM berates someone for not meeting an estimated timeline given in a prior meeting due to unexpected challenges or just flat out realizing it is the wrong approach. Disrupting the kanban board can get you treated like you killed the PM's dog.

Reply

[-]

bfodder@reddit

Seriously. This guy's, view of project management is the same as a user's view of IT.

Reply

[-]

Bradddtheimpaler@reddit

Absolutely. I’ve gotten really lucky so far. Everyone I’ve worked with on projects has crushed it. I’ve kind of been de facto drafted into the role occasionally. It’s been cake so far because the people doing the work have killed it and there hasn’t been a ton of schedule pressure. My boss seems impressed with my Gantt charts and my general approach, so I’m just going to happily accrue the resume fodder while I can

Reply

[-]

insomnic@reddit

It doesn't even have to be successful ... just a "complete" task list as far as the VP is concerned; and you can reset the whole thing if they decide to pivot for new leadership direction. Good project management is actually useful and functional and I appreciate it. That is *not* what most project management is based on my several years supporting PMOs in different environments. I almost switched to it myself because based on the capabilities of the PMs I was supporting I was way ahead of their PM knowledge despite their PMI and Agile certs. When folks ask how you get a job without much actual accountability just going to meetings and sending emails and then get a fat paycheck... that's the job that comes to mind for me. Good project managers are rare and a PMO with actual authority and accountability even more so. Value a good project manager... disparage (or take advantage) of shitty ones. :) ... I have triggers about this stuff ... :p

Reply

[-]

grimthaw@reddit

PMO shouldn't be accountable. The shitty exec who wanted the project started should be. So when it fails they are the ones accountable.

Reply

[-]

insomnic@reddit

True. For the existence of the project and its purpose (or lack of one). You aren't wrong. The folks who start most of these projects - the stakeholders - are rarely held accountable and that's worse because they just keep wasting resources and never really solve anything. The PMO do have accountability for the planning and execution though. They aren't just watching and collating people's work as they go about it. Ideally they are supposed to have setup the project plan (schedule, budget, effort) based on the PMO framework using their expertise in putting that together. What's the point of PMI or Agile "certification" and "expertise" if you aren't actually doing any of that? That's the accountability for a PMO. If a project fails or doesn't complete... where was the problem? If it completed well how do you replicate that success? Which teams had bad communication and which worked well? Which budgets were wrong or right? Which vendors created a roadblock or delivered well? If the PMO can't answer those questions after every project they weren't doing the job their "expertise" was paid to manage. The thing is - many PMOs don't do any of that and are never held accountable for their plan or communications beyond the status report that specific week. And then maybe a tiger team for the warranty period (usually with an empty office hours Zoom room that was only posted on an internal SharePoint page). Oh, and make sure Jim the VP's annual report on his projects are all green on the PPT even if half of them were dumped for "new initiatives" that are still pending approval.

Reply

[-]

heapsp@reddit

Its attractive because its hard to do a bad job. Most of the time a competent team will lead their own project somewhat if left completely abandoned. However, a good project manager is a godsend. One that actually has a board up-to-date and slows down progress on certain things to meet certain gates of architecture, security, and consistency and has a PLAN for MVP and understands when to push on certain things.

Reply

[-]

ddesla2@reddit

Herding cats.

Reply

[-]

Mindestiny@reddit

What's the old saying? "Those that can't do, become project managers?"

Reply

[-]

Correct_Jaguar_564@reddit

Those who can't do teach, those who can't teach audit.

Reply

[-]

iama_bad_person@reddit

The entire security team at my place is basically one dude with nessus scanner. Jokes, but it is just one dude, who's full time job is to keep an eye on CVEs, software vulnerability scans, phishing campaigns and research requested software. I used to think it was a useless position until it was created and none of us had to do that shit anymore, pretty nice.

Reply

[-]

webguynd@reddit

> who's full time job is to keep an eye on CVEs, software vulnerability scans, phishing campaigns and research requested software. I mean, isn't that the sysadmin's job as well? Maybe it's my naiveté because I've only worked for small/medium companies, but that has always been part of my job and it's never felt so overwhelming that I'd need to hire a full time position as a paper pusher/checkbox clicker to do it. Just sounds like bureaucratic bloat. Would be more helpful to hire an extra sysadmin at least instead of a dedicated "security professional."

Reply

[-]

Glittering-Duck-634@reddit

get a job at an MSP bro you will see its not your job any more

Reply

[-]

webguynd@reddit

No thanks, I value my work-life balance. Where I'm at is hard to beat. 40 hours or less most weeks, no on-call, unlimited PTO.

Reply

[-]

RetPallylol@reddit

You're right. You can't be a competent sys admin and just shrug your shoulders and say "welp, CVEs is security's job". Well yeah, the security team identifies CVEs, provides remediation steps, and you execute them.

Reply

[-]

admiralspark@reddit

Agreed. I work in security but came from years of networking and sysadmin, and I can't understand how anyone gets hired without an IT background. Feels like people in HR drank the Kool-aid about "get a degree and work in cybersecurity!". A college degree cannot replace experience and common sense.

Reply

[-]

Glittering-Duck-634@reddit

How come every security person I run into that is employed is like this, yet, when I interview for Security related positions they want real skills? I cant find one of these easy jobs in security.

Reply

[-]

AdultContemporaneous@reddit

As rare as a rocking horse shit. That's a new one for me.

Reply

[-]

Cheomesh@reddit

As a sys admin turned security guy, what are the properties of a good security person?

Reply

[-]

Zenkin@reddit

Being able to actually suggest remediation steps rather than just pointing to a security vulnerability would be a big one. Anything which actually *adds value* to a Nessus report, basically.

Reply

[-]

Ansible_noob4567@reddit

You mean to tell me copy/pasting the MDFC recommendations into tickets and sending them to Ops and Platform teams is not acceptable?!?!??!?

Reply

[-]

TheIntuneGoon@reddit

I got mad just reading this lmaooo. Literally all my security team does outside of quarantined devices when alerts are tripped.

Reply

[-]

Cheomesh@reddit

Roger - how does this interface with the technical team's responsibility to know how to remediate things?

Reply

[-]

klauskervin@reddit

Isn't the security team supposed to be the technical team? Everywhere I worked it was security's responsibility to identify a vulnerability and offer mitigation steps. I feel like if you take out the second part what the hell is the point in even retaining them?

Reply

[-]

heapsp@reddit

because the investor said you need a security team and braden is willing to work for 120k/yr instead of the 160k/yr required by a security engineer who provides remediation steps.

Reply

[-]

Cheomesh@reddit

In my case I am denied any ability to do the technical stuff and, what's more, I'm overwhelmingly the highest paid person in my own unit. Even more than the people I report to.

Reply

[-]

Cheomesh@reddit

Up until my current position, yes I was - this isn't always normal though. In my current slot I am assessment and management, not technical. Their technical crew is a bit undermanned, but they actively resist me throwing my hat in the ring, even for things I have a lengthy history of doing - heck they wont even let me do STIG assessments.

Reply

[-]

BaconEatingChamp@reddit

> Isn't the security team supposed to be the technical team? No, generally the security folk should only have read access to things and not be the ones actually fixing other team's systems.

Reply

[-]

Zenkin@reddit

Depends on the team and the issue. If I'm an infrastructure guy responsible for making sure the servers are up and communicating, and you find that there are some security issues around cookies and headers on one of our public facing websites, should that go to me, the web dev, or you? My instinct would say "web dev" in this case because you and I don't touch anything related to their code. I would also guess they are the least likely of the three to know **how** to fix that security issue without guidance, and I would hope the security team could come up with some reasonable suggestions for a "good config." The guidance would be the "value add" I'm looking for from a security guy, and the actual responsibility for implementing would be the dev (meaning they don't just take your example, run with it, and then cry if the website falls over, they are expected to know and/or learn a safe way to implement the changes).

Reply

[-]

heapsp@reddit

You need to understand how to take a step back away from the infrastructure and realize what problems in process brought you to the security issue at hand. You also need to push for the right tools based on the environment... Like line of sight vuln scanners that scan once a month are completely worthless as an example. With the lack of the right tools, security becomes impossible. So a good security engineer will know how to structure a company for centralized logging without breaking the bank , and know how to report on visibility tools.

Reply

[-]

Cheomesh@reddit

Thanks - I seem to have some promise there as I am largely putting the focus on systemic improvements (just getting started there - a lot of my effort since starting has been pulling documentation together and getting our framework controls addressed with what I got). There are a few assets on our scanners that have sat in a neglected state for some time before I joined, though, so my first course was just to tell the network guy to "do something patchy with this particularly glowy switch". Now that I'm getting our auditing stuff in to the next phase, though, a lot of how I plan to address findings is in creating a better system (most notably they're stuck patching routers and switches one by one at the moment, which just seems bonkers).

Reply

[-]

ka-splam@reddit

I dunno, but we can start by exclusion some properties of an annoying cybersecurity person: - runs a Nessus scan and just dumps the report unedited with a list of IPs and tons of repetitive non-issues. - Asks to turn off all firewalls and security products before a security scan, then flags up anything which would be stopped by the firewalls and security products. - obsesses over small things like "this IPMI endpoint is using self-signed SSL cert" but never comments on an overall design like "all these management endpoints should be on an isolated VLAN fronted by a HTTPS proxy with a real SSL cert on it, gated by a central identity server logon". - Only comments on things which can be scanned, like "this program is 0.2 versions out of date" but doesn't comment on "everyone can access the entire file share, we need some Role Based Access Controls and here's what we recommend" - Doesn't understand any difference between updating Putty on a server vs updating a core datacenter switch firmware vs updating a shared CPanel/WordPress web host with software we don't control. - Is only concerned with fixing reported problems, and isn't thinking about fixing the whole problem long term, e.g. "install this patch" vs "let's get an automated patching solution". Or "disable this ex-employee account" vs "let's have a policy/tool/central identity server so offboarding is automatic and implicit when people leave". Or "I blocked the gambling URL you asked me to block" vs "let's have a reputation filter on all web traffic and block all gambling URLs". - Doesn't get involved in (or isn't allowed in) early design decisions. "How should we set this new system up?" should have input from someone who understands the tech, understands security regulation and guidelines, and understands the business goals - what tradeoffs should we make, what risks should we guard against? Techs usually know the technology and some tech-level security settings but doesn't have company buyin to lock things down. Management hopefully know the business goals, but not the other things. Hopefully the cybersecurity department brings in a knowledge of security laws/patterns and has some management respect. - Doesn't know the security landscape, e.g. SonicWall and FortiGate having lots of SSL VPN vulns recently, SonicWall having a stored config leak recently, Cisco having a new big vuln recently. It would be good if they kept abreast of the industry and guided the company away from worse products/technologies and towards more respected products with evidence management care about. There may be much different things in bigger orgs, validating/limiting 3rd party access, with internal software dev teams, etc.

Reply

[-]

Cheomesh@reddit

Thanks! Up until my current billet I was basically a one man show so I didn't *really* have to explain things or justify stuff - just prioritized based on what the anticipated impact and level of effort would be, and tell management "number go down yay". Now I actually have people in teams under me and I've been hesitant to put forward much info because I thought I'd appear presumptuous (though I temper my messages to the technical crew by referring to findings as allegations until we prove otherwise and focusing more on finding more automatic ways to address issues rather than just say "patch thing").

Reply

[-]

TheDawiWhisperer@reddit

>obsesses over small things like "this IPMI endpoint is using self-signed SSL cert" but never comments on an overall design like "all these management endpoints should be on an isolated VLAN fronted by a HTTPS proxy with a real SSL cert on it, gated by a central identity server logon". /twitch

Reply

[-]

TheDawiWhisperer@reddit

i'll let you know when i encounter one :D in all seriousness just an understanding of how everything hangs together and how the company works is very useful. for example our security dudes will send us tickets for dozens of servers because they're supposedly missing the September security update when we're in the middle of the patching window. and the servers in question will be looked after by different teams but they'll just send them all over to us anyway because a server is a server and they can't tell the difference

Reply

[-]

RetPallylol@reddit

Do you not have weekly or monthly check ins with the security team to go over vulnerabilities and remediation steps?

Reply

[-]

TheDawiWhisperer@reddit

yeah but it's like screaming into the void

Reply

[-]

RetPallylol@reddit

As a former sys admin and now security guy, I feel for you. *Sad sys admin noises*

Reply

[-]

Cheomesh@reddit

Ah, I do at least have that - though the last couple months are the first time I have actually had teams under me (the last decade plus it was all on me)so that's novel.

Reply

[-]

Hg-203@reddit

Understanding the whole stack and know how "vulnerabilities" are mitigated by other systems or business processes. It's John's whole arc in The Phoenix Project.

Reply

[-]

Cheomesh@reddit

That I do have - a large part of my experience has been within a security framework context so that has moulded me to think along those lines.

Reply

[-]

caerleon777@reddit

just do what i do and say no to everything

Reply

[-]

Cheomesh@reddit

Oh how I wish

Reply

[-]

Ytijhdoz54@reddit

Degree factories are partly to blame for this, there was so much hype built up around cyber security. I remember 8-9 years ago there was this big push of “Security field is going to be in a huge demand” and one time I remember seeing it at the top of a list called “Highest paying jobs in demand” in like 2018-2019. Crazy times.

Reply

[-]

sp-rky@reddit

Earlier this year, when I was initially trying to get into the IT industry, I had a cert factory trying to sell me on a 10k course that was just CompTIA A+, Network+, and Security+, because cybersecurity "experts" are in "short supply". They may be in short supply, but I don't think 3 certs are enough to be considered an "expert" lol. They told me I wouldn't be hired anywhere in the industry unless I picked up some certs - yet here I am 8 months later with zero certs and a great starting job doing desk support ;)

Reply

[-]

Ytijhdoz54@reddit

Thats great, yeah its a bit sad how CompTIA has fallen to the way side. My best advice to give is avoid r/ITCareerQuestions, keep doing home lab as a hobby, and start working on getting your CCNA. And also dont feel pressured to go to cybersec, such a broad spectrum of jobs in IT so kinda keep an eye on what people at work are doing and see if that might be more interesting.

Reply

[-]

zoharel@reddit

Oh, it's definitely getting ever more important. Two words: vibe coding.

Reply

[-]

RubberBootsInMotion@reddit

You're absolutely right! Except vibe coding is actually three words!

Reply

[-]

yuk_foo@reddit

The degrees are worthless and out of date the moment you start the course. I did my cyber security and networking degree 11 years ago and found it easy, it wasn’t really teaching me anything new on the security side that I hadn’t already learnt in my free time. Many people on the course struggled however, multiple re-sits, zero contribution in group projects yet somehow still passed coasting all the way through. Universities make it far too easy to pass, it’s been a problem for years, it’s like people expect an education because they pay for, without putting in the effort. Then if they don’t pass it’s the universities fault, or the lecturer, or the curriculum, anything but the lazy ass student. Universities then run the risk of formal complaints lodged, pushy parents and a whole word of pain. I can see why they then make it easy and just do it to make money but it’s totally wrong and devalued degrees so they are next to worthless with every idiot in the class obtaining one.

Reply

[-]

19610taw3@reddit

It is still going like that. A 21 year old with a cybersecurity degree is like a 23 year old MBA 15 years ago. All the book knowledge but zero applicable experience.

Reply

[-]

Turbulent-Pea-8826@reddit

Add in an AI that denies all change requests.

Reply

[-]

Elminst@reddit

Don't need an AI for that. Just put an email autoreply with "No." in the body.

Reply

[-]

sroop1@reddit

Autoreply would be suspiciously quick - there has to be a 3 week lapse in replies to 'review' the requirements.

Reply

[-]

TheGreatNico@reddit

and the lower on the food chain the more profanities the response contains

Reply

[-]

Turbulent-Pea-8826@reddit

But we must call it “AI” even if it is not AI and is in fact just an auto reply.

Reply

[-]

gatorfreak@reddit

Holy shit, we might be coworkers

Reply

[-]

vivithemage@reddit

This guy gets it. Cyber security groups in IT are just paper pushers.

Reply

[-]

Constellious@reddit

*Hands me some sort of scan report with no context. * Please fix. Like why does a person need to be involved here? Just have Nessus send me the report.

Reply

[-]

heapsp@reddit

not nessus, nessus is garbage because you still need a security team afterwards to take the results and divvy it up. You CAN replace an entire security team with wiz.io though

Reply

[-]

webguynd@reddit

> You could replace almost the entire security team at my place with an automated nessus scan and lose absolutely no value whatsoever. The problem is all the "security" people trying to come in for the salary, but have zero tech chops at all. They are glorified auditors and paper pushers. Security always used to be a combined admin + developer effort. It wasn't a special career path, it was part of doing your job correctly. Cybersec now rewards the appearance of security more than any actual practice.

Reply

[-]

mriswithe@reddit

> as rare as rocking horse shit Taking this

Reply

[-]

DismalOpportunity@reddit

“Rate as rocking horse shit” got a good chuckle out of me. Never heard that phrase before.

Reply

[-]

Chehalden@reddit

I freaking swear the entire IT Security team at my work could be replaced with my wife, who has no IT experience & she would do a better job

Reply

[-]

ThatITguy2015@reddit

Fuck that sucks. Like you said, a good security team who understands your environment is worth its weight in gold. We help teams so much with security questions, etc. in addition to normal security things, as many of us understand the environment so damn well.

Reply

[-]

Iced__t@reddit

> You could replace almost the entire security team at my place with an automated nessus scan and lose absolutely no value whatsoever. You don't think having multiple 'security engineers' to attach the results of the automated Nessus scan to a ticket is valuable?!

Reply

[-]

degoba@reddit

Ha! The security team at my place basically reads nessus scans and then relays that info to us. Theres not a technical skill among them

Reply

[-]

Droghan@reddit

Same! drives me insane. Just automate the damn reports and send them to me. Why do we even have Infosec at this point?!

Reply

[-]

c0ldburn3r@reddit

Wait... do we work at the same place cause that's exactly the scenario at my work.

Reply

[-]

usernamedottxt@reddit

Good incident responders are like $150k minimum. And it requires a solid culture and proper integration on top of that. It’s expensive to say the least.

Reply

[-]

Bob_12_Pack@reddit

That's pretty much how ours operate. It's a small team of 2. They just read the results of the scan, create a ticket for us to remediate whatever dumb shit it flagged, send reports to the higher-ups about how they saved us from the hackers.

Reply

[-]

Xibby@reddit

> rare as rocking horse shit I’m filing that away for future use, thank you! 😂

Reply

[-]

lungbong@reddit

Our security team wanted root access to all our servers. I said they could have access to a dedicated test environment rather than prod. I was amazed how bad they screwed it up in 2 days.

Reply

[-]

SilkBC_12345@reddit

Yes, please do go on. This sounds very interesting!

Reply

[-]

lungbong@reddit

Our full test environment consists of a VM running docker and all of our services (databases, web servers, application servers, load balancers, billing systems, email server etc. along with a set of dev tools, mocks and a webmail service (so you can test sending mails to a customer and read them). It has no access to the Internet and is completely self contained other than SSH to the VM and HTTP/HTTPS to the web servers from the dev network. That way we can run as many test environments as we have capacity for. The dev tools let you do things like initiate a bill run, timetravel forward and back and the mocks act as our suppliers and partners. They thought the bill run emails were spam and blocked the email address on the mail server. Running HTTP was a risk so shut it down (despite the fact that HTTP just redirects straight to HTTPS), one of the MySQL databases had a vulnerability so rather than upgrade within 5.6 they upgraded to 8 (note 5.6 wasn't EoL at this point) without any due diligence, broke half the scripts that talk to the DB and all the puppet config. Oh and that was the master but they left the slave running 5.6 carrying the same vulnerability. Not sure what they did to apt-get but apt-get update gave a bunch of weird errors I've never seen before. And to top it off they tried to deploy our production SSL certificates into test, thankfully they didn't have access to them but that didn't stop them stripping out all the test certs in preparation.

Reply

[-]

Angelworks42@reddit

Like monkeys in a china shop

Reply

[-]

bbqwatermelon@reddit

Missed opportunity to check backups and watch the fireworks

Reply

[-]

Muted-Part3399@reddit

please go on

Reply

[-]

sysadminresearch26@reddit

The four pillars of the IT world are: business, development, operations, and security. Having worked in all four departments in some fashion, it typically goes like this: Business wants things done immediately with the most ease of use to keep whatever their department's purpose is going more efficient with more features. Development tries to make sense of whatever business wants and wants their thing to work with full permissions and infinite resources from whatever they can cobble together from the internet. Operations wants whatever bullshit development is scrapping together to abide by standards and not break the system resulting in a 3AM incident call because whatever junk they just dropped just overloaded compute or network resources. And a good security engineer wants all three to chill the hell out and implement safeguards all along the way, none of which anyone especially likes because business users don't like their laptops locked and MFA, developers don't like to be told what supply chain repos to use and to scan their code with DAST?SAST and abide by permissions, and operations to shut down bullshit ports like Telnet and do things like service account password rotation and deprecating a shit ton of systems still in use. In my opinion, no matter if you want to be a good product manager/business analyst on the business side, a good developer, a good sysadmin/SRE, and a good security engineer/analyst need to consider all four sides equally and put themselves in others shoes and care equally about the result and not who's monkey it is to deal with to figure out. When one pillar is in 'fuck you, got mine' mode, the whole thing falls apart eventually.

Reply

[-]

Klutzy_Scheme_9871@reddit

My response as a security engineer to other teams was always “if we get breached and the company goes down, you’ll be unemployed”.

Reply

[-]

Lucifugous_Rex@reddit

So. Damn. Accurate.

Reply

[-]

Bradddtheimpaler@reddit

I’m the only person focused on security at my company and I’m also responsible for much of the systems administration. Scanning for vulnerabilities is a piece of cakes. Figuring out what (if anything) is going to break when I apply the mitigation to the vulnerability and working around that is the hard part. TLS1.0 still enabled somewhere? Turn it off, nbd, right? Except maybe it’s still enabled for a reason, and some integration somewhere is going to crash out the second it’s disabled.

Reply

[-]

Generico300@reddit

> some integration somewhere is going to crash out the second it’s disabled. Or worse, the integration only runs a batch once every 2 weeks on a saturday so it crashes 2 weeks later while I'm out of town.

Reply

[-]

Wonderful_Hamster@reddit

Hey, how did you get access to my ticket queue?!?

Reply

[-]

cederian@reddit

We took down an old Solaris server at IBM Global Account years ago and when it went down nobody said anything, a few months later when a billing batch that runs twice a year didnt run, hell broke loose. I still have PTSD about that RCA and trying to explain to the "Office of the CIO" why we had to decomm a 20 year old server that had 7 years uptime.

Reply

[-]

thunderbird32@reddit

>Solaris server at IBM I'm slightly shocked there wasn't some internal IBM edict to have the only flavor of UNIX allowed in the company be AIX.

Reply

[-]

bbqwatermelon@reddit

Don't threaten me with a good time

Reply

[-]

krazykitties@reddit

Dont you put that evil on me Ricky Bobby!

Reply

[-]

Bradddtheimpaler@reddit

Yeah, now we’re cookin lol

Reply

[-]

teethingrooster@reddit

They turned off TLS1 at my job and it brought down the sql servers tied to sccm lmao

Reply

[-]

The-OG-Caden@reddit

New guy with only windows experience, hey, can you just run a quick script for me? Buried in quick script: "Sudo rm -rf /"

Reply

[-]

sinisterpancake@reddit

As far as I am concerned cybersecurity is kinda the pinnacle of IT. There is no real direct path. You can be good at a single point like pen testing but to actually be a security expert you need to know and understand every aspect of IT. In order to protect it, you need to know about it. You don't need super expert knowledge of everything but you need working knowledge of everything plus expert knowledge on several things working toward others. In order to be even decent at it you need to know servers/system admin, phone systems, badge systems, cameras, software and applications, in depth networking/wireless, firewalling, UTMs, cloud tech, DNS, NAC, DLP, EDR/XDR, vulnerability hunting, patching, automation, backup and disaster recovery, system resiliency (RAID, Link/Load balancing, distributed file systems, etc), programming/scripting, databases, web technologies, proxies/filters, DPI/decryption, mobile devices (MDM/MAM), email, phishing training, certificates/PKI/CAs, physical systems and hardware, MFA, zero trust, help desk type support, windows stack/AD/Group policy/Intune, licensing, tons of Linux, MAC (sometimes), hundred of security tools, pen testing/red team, defense/blue team, compliance and regulatory requirements, etc etc. I will never understand how someone with no real world experience can come out of school and be call themselves anything close to a cybersecurity expert. You have to start at help desk or sys admin or possibly security analyst and learn. Then continue learning and never stop.

Reply

[-]

madbadger89@reddit

It took me 10 years of helpdesk, sys admin, cloud admin before I ever touched into a security role. I would not be nearly as effective without my background. I’m not being arrogant, it took 15 years of solid IT experience to be an engineer and I’m proud of that resume. You are acutely correct that good security people must have broad knowledge and a couple areas of deep expertise. That makes them rare. And good ones are a huge benefit to an org but rarely affordable. I also teach as an adjunct and students are struggling to get entry level security jobs - because security is not an entry level job. So the market has a glut of people with bachelors degrees but no real world context. 6 months in a security job will teach you more than your entire coursework. Granted soft skills through college like written communication are so critical, but the point still stands.

Reply

[-]

IronJagexLul@reddit

I think this is peoples biggest issue. They want to cope so hard that they did college or got that cert and are ready for the job. They dont want to admit that to be really good at these more involved roles requires touching, understanding, fixing these things. Knowing how all the system works together. You cant learn that in college or books. It takes real time and real hands on effort effort. Id never trust a pilot that only knows how to fly from reading books or taking tests. You can tell me how all those knobs work. Great! Now what do you do when one fails and half your gear isnt working. I have little trust in a heart surgeon thats only watched yotube videos on heart transplants.

Reply

[-]

Mystic2412@reddit

I get your point and people shouldn't jump straight into cyber from college but how do you plan on training the next generation if you never hire them cuz they have no experience?

Reply

[-]

Financial_Advisor_@reddit

You hire them as helpdesk and they'll eventually make their way there.

Reply

[-]

Mystic2412@reddit

Yeh that makes sense

Reply

[-]

PristineLab1675@reddit

Bruh it wasn’t YouTube it was a boot camp, it was basically like the marine corp but for IT

Reply

[-]

Durfael@reddit

yeah on my way to that too ! 6 years as a tech support, started my scholarship again with an apprenticeship as a sysadmin this month (i'm french so apprenticeship is kinda common here, i'm 1 week at school, 3 weeks at work)

Reply

[-]

treefall1n@reddit

My employer just give the sec team engineering titles. Barely any sysadmin knowledge on the team. It's a fluffer's world.

Reply

[-]

Beginning_Ad1239@reddit

I would argue that a good security professional can come from risk management or even legal if they are willing to learn the technical side. A security professional doesn't need to be an expert on everything, but they need to understand the basic concepts of everything.

Reply

[-]

PristineLab1675@reddit

Legal absolutely has a place in security. They will never be hands on incident response. Anyone who hasn’t walked the walk is going to get run around by the folks doing the work. Security finds issues and verifies fixes. If there’s an issue with your OS, a vulnerability, and the sysadmins say they fixed it with X solution the security team needs to validate that. Someone nontechnical will not be able to do that effectively.

Reply

[-]

Beginning_Ad1239@reddit

On the cissp sub I've been seeing lawyers get that cert because the overall security knowledge is helpful to them.

Reply

[-]

FlickKnocker@reddit

I think it's more to do with age/cockiness than any particular discipline. And we were all like that at some point until the scar tissue develops after having experienced a catastrophic failure or two on our watch.

Reply

[-]

cybersplice@reddit

Sounds like the skid doesn't have creds or ssh keys. That's a great start. Keep it that way. Fucking moron. Prod is not his grandma's laptop.

Reply

[-]

one_fifty_six@reddit

We're lucky. Our InfoSec manager used to be our Senior SysAdmin. And his right hand man used to be our Senior Networking. I love them both and would follow them to the gates of hell. However they also have 3 other guys. 1 is a Linux guy who worked OT. And the other 2 are college grads. I find the college kids rubber stamp and approve things 99% of the time. I find myself taking their approvals back to one of the 2 other senior guys and saying "are we sure we want to do this?" And they usually say no not quite. And then I chew on it for a bit. And I come back to the youngins saying "look I think this is what you are trying to do. Let's do this." And they usually agree. And we knock it out. I've said this before on here. InfoSec is really a buzzword right now. It's important. It's about time people start taking it seriously. But it's being over crowded by green college grads who haven't earned their wings. And I don't want to step on anyone's toes but I find they lack how all the pieces fit together. And I get it, you gotta start somewhere. But I feel like you should have to earn your stripes in SysAdmin, networking, service desk first. Like I said our 2 senior guys I adore often say "here is what we need to do. I don't care how you get it done but this is the objective and this is what we are trying to fix". And they let us figure out how to do that. Luckily for us if we are stuck or don't understand why our approach isn't working we can go back to the guys that practically built and maintained our infrastructure for the last 20 years and ask for help. And they'll help with their experience and tribal knowledge. Sorry that was quite a rant. I didn't think I had that in me.

Reply

[-]

Vektor0@reddit

Well, did you do the needful or not??

Reply

[-]

one_fifty_six@reddit

2 guys on my InfoSec team Also use this phrase. "Do the needful". I had never heard it before. I like it.

Reply

[-]

Evening-Area3235@reddit

He did it kindly

Reply

[-]

Ashamed-Ninja-4656@reddit

Only after some gift card purchases though.

Reply

[-]

Vylix@reddit

DO NOT REDEEMMMM!!!

Reply

[-]

QwertyCody@reddit

WHY DID YOU REDEEEM IT!?

Reply

[-]

CaptainBrooksie@reddit

And reverted back with same

Reply

[-]

K33P4D@reddit

sigh subtle racism on r/sysadmin

Reply

[-]

thatchicagogirl@reddit

Elite level comment

Reply

[-]

caerleon777@reddit

impossible without bobs and vegene

Reply

[-]

CaptainBrooksie@reddit

Please open

Reply

[-]

Cheomesh@reddit

I did not, please advise

Reply

[-]

funkyloki@reddit

You need to revert the same!

Reply

[-]

854490@reddit

Please, it is "revert back to me at the earliest regarding the same", kindly take care to implement the language as specificated in the grammatical documentations, this is most critical in order to felicitate the productivity of this webex

Reply

[-]

iB83gbRo@reddit

Kindly!

Reply

[-]

hihcadore@reddit

No it’s not Friday at 330 yet. Will then.

Reply

[-]

nospamkhanman@reddit

I feel like SecOps should be a tier 3 level, just like DevOps and Network etc. T1 - Helpdesk / Service Desk T2 - SysAdmin T3 - SecOps/Cyber, DevOps, SysEngineer / Arch / SrSysAdmin, Network Eng You can't be a good T3 if you skip T1&2 I've never had a good experience with coworkers that came directly from university and managed to skip T1. SecOps / Cyber people directly from university skipping T1 & T2 are NEVER good at their job, at least initially. They generally don't have the context of how anything actually works and why it was designed in the way it was.

Reply

[-]

pavman42@reddit

It's much worse than you could ever imagine.

Reply

[-]

cloudfox1@reddit

Bit of an extreme opinion based on one example dont you think? It's called common sense, some have it some don't, don't hire the ones that don't have it. I have hired plenty of grads who continue to kill it and have fundamental security knowledge. Hopefully you're not a hiring manager.

Reply

[-]

cbass377@reddit

Report X shows 1100 instances of CVE 2025-99999. Please fix.

Reply

[-]

TabTwo0711@reddit

This should be escalated to the person who is ultimately responsible for your SLAs, probably some C-level . If security wants to run stuff in prod they might put this persons bonus in jeopardy. Usually the following discussions are quiet short

Reply

[-]

FelisCantabrigiensis@reddit

"You first, bro"

Reply

[-]

oakc510@reddit

"Alright. Bet."

Reply

[-]

PebbleBeach1919@reddit

Hold my beer!

Reply

[-]

oldtkdguy@reddit

"run it!"

Reply

[-]

dark_gear@reddit

"Full send!"

Reply

[-]

battmain@reddit

Wait! You did that on a prod server?

Reply

[-]

battmain@reddit

There are IT people who have taken down prod and those who haven't...yet.

Reply

[-]

GullibleDetective@reddit

Yolo swagger'ui

Reply

[-]

Character-Welder3929@reddit

Run over to his desk with a loaded gun and see if he wants to do his first desk pop Maybe use a BB Gun because it's probably the kind to without second thought pop a round up into the next floor above and slowly come to understand how special he is How e specially fucked he is to be specific

Reply

[-]

1esproc@reddit

What kinda spicy reply gets itself removed from this sub? I'm so curious!

Reply

[-]

Character-Welder3929@reddit

I referenced desk pops from the other guys movie I said something like I bet that user would desk pop

Reply

[-]

TheDonutDaddy@reddit

The new auto scanner reddit has setup to mod everything is actually batshit insane sometimes. There was a thread a while ago and the topic was expressing gratitude in different situations. Long story short I made a comment that said "If I saved someone's life by pulling them up from hanging on a ledge and they didn't even say thanks I'd probably just push em back down" which is very obviously not real and a comment made in jest. Within 60 seconds my comment had been removed and my account was banned for a week for "threatening violence" Meanwhile keyboard warriors type up their entire fantasy of how they'd definitely go full rambo psycho and annihilate someone off the face of the earth if they ever touched their kids/wife/dog or whatever and nothing happens about them reciting their murder fantasies. No idea how that thing even works

Reply

[-]

unapologeticjerk@reddit

I got a 24 hour total Reddit posting ban for satirically quoting song lyrics - in quotation marks - as a reply to a guy saying "Eat The Rich" without any indication of his intent. I would name the song at least, but the name is also the lyric and if AI slop is moderating content, I have no doubt I'd get flagged again. I appealed for human moderation to review it and understand context - it was auto-ignored. TL;DR fuck mods.

Reply

[-]

dagbrown@reddit

Mods can't do anything about reddit's clanker-based site-wide moderation. Appealing to them is at best a waste of time.

Reply

[-]

TheDonutDaddy@reddit

The appeal doesn't go to mods, there's an appeal system for sitewide admin actions like those bans. I appealed mine pointing out my comment was obviously in jest and not a real threat and they said the suspension stays

Reply

[-]

Character-Welder3929@reddit

You didn't even get thanked and they didn't even bother to wear a suit How rude

Reply

[-]

BlackV@reddit

No don't do that, cause the new guy will run it

Reply

[-]

1a2b3c4d_1a2b3c4d@reddit

The correct answer is no. You only receive update requests that have passed change control.

Reply

[-]

Glittering-Duck-634@reddit

What you dont know how to do it? its easy 1. get root 2. curl https:xxx | bash 3. close ticket he is security guy he knows best , i would do it

Reply

[-]

lemon_tea@reddit

Problem is, nobody is willing to pay to have a mid or late career sysadmin switch into cybersec, so that experience will always be absent.

Reply

[-]

spikeyfreak@reddit

I had a security guy forward an email to me where the security team thought their tools found malware on a domain controller. About 3 emails back is, someone responded with my name and, "Look, I think it's this guy!" like I had done some nefarious. So I looked their alert, and it was that my DNS server did a lookup for a known C&C server. I told them this, and their response was, "Yeah, it's got malware!" "No, it's a DNS server. It was servicing a DNS request from a workstation. Here are the anti-virus scan logs on the server. Here is a screenshot of the registry where this malware puts some info. It doesn't have malware." "Oh. Then the DNS server it was talking to must have malware. Can you reach out to our ISP to tell them their DNS servers have malware?" Long story short, it took a week and countless emails, an in-person meeting where I drew on a white board, and a meeting with their boss before they would leave me alone. I even provided the workstation that the request came from, AND IT HAD BEEN TAKEN OFFLINE BECAUSE IT HAD MALWARE, and they still wouldn't leave me alone. Yeah, my experience with security-only techs is horrible.

Reply

[-]

SilkBC_12345@reddit

I had a similar experience. I get an e-mail that they found some suspicious ports open on a particular server. I explain that it is the Veeam Backup server and those ports are opened by/used by Veeam. I even sent them a link to the Veeam KB article that says what ports Veeam uses and what their use are. Nope, still had to run a malware scan and send them the results. I guess I kind of understand -- they are just "being sure" but sheesh.

Reply

[-]

Psychodata@reddit

![gif](giphy|r5SxJYcU21Auk)

Reply

[-]

rdldr1@reddit

Makes me wonder what motivates a large corporation to have a head of Accounting become the head of Cybersecurity or IT.

Reply

[-]

MrHanBrolo@reddit

Remember, threat actors are interviewing now, not trying to break in remotely :^)

Reply

[-]

bbqwatermelon@reddit

Phishing through the ticket system. Nice try, asshole.

Reply

[-]

PurpleFlerpy@reddit

Woooow. Just wow. Kid needs at least a lil bit of time on the helldesk. I would have run that through some sandboxes and tested before asking it to be run in prod, and have shown my work.

Reply

[-]

Sore_Wa_Himitsu_Desu@reddit

We’re a large organization with a fairly large security team. They’re mostly pretty good. My favorite story wasn’t about a new young guy. Larry was a manager in the security team who finally retired a few years ago. When the whole SMBv1 vulnerability mess started and we were told to start disabling it, Larry asked if we could just disable all SMB. I tried to explain why that was a bad idea, but he insisted we test it. So I finally gave in and said I could test with him and he thought that was great. I set up a deployment to change the reg keys. And then sure enough he confirmed that he couldn’t get to any file shares anymore and that was a problem. “Okay push a fix to me.” “How do you expect me to do that?” “Well you turned it off. Turn it on again.” “Turning it off also turned off how I would get to you to turn it back on again.” “Ummm.” We were still in the office so I just walked down to his area and fixed it manually. Then I pointed out that fixing it would be a similar manual process for everyone. That put an end to that nonsense.

Reply

[-]

blighander@reddit

Ok then, could you explain it to me so I know what we're putting onto our production environment?

Reply

[-]

IWantsToBelieve@reddit

20 years of experience in infra and security. I don't understand how security teams exist that are this immature. They should be well and truly familiar with the security controls in place prior to requesting anything. Maybe this is a control test. That being said, go easy everyone was new once.

Reply

[-]

Due_Speech_823@reddit

Oof, I feel this in my bones. My go-to response for these has become, "Sure, can you package this for our config management, test it, and submit a pull request against the dev environment with your validation steps?" Honestly, it's the only way to gently force them to learn the real operational impact of what they're asking for instead of just chucking grenades over the fence.

Reply

[-]

Wrx-Love80@reddit

Real men test in prod. You get a medal if you take all of proud down

Reply

[-]

Patchewski@reddit

We have a large, disparate, and relatively complex test environment. We call it “Production”

Reply

[-]

AndreiWarg@reddit

Our cybersec dude is integrated in our Infra team actually. He is a really smooth operator and whenever anything needs to be done, he always consults it first with our top tier network dudes first. Think we struck a goldmine with that one.

Reply

[-]

vogelke@reddit

> “Hey I found this script online, could you run it on these three prod machines for me? Feel free to run whenever. Thanks!” "Sure, right after you drop by and explain in detail what this script does and why it's necessary. You're welcome!"

Reply

[-]

fnhs90@reddit

You don't need sysadmin to determine that it's a terrible idea lol

Reply

[-]

Psychodata@reddit

No, but people need to apply common sense, and it's not nearly common enough

Reply

[-]

fnhs90@reddit

.. and you can do that without having sysadmin experience

Reply

[-]

Psychodata@reddit

The sys admin experience exposes you to the "common" experience, and teaches them common sense of they didn't have it. Or they will tend to learn through outages and incidents because they didn't. Not saying everyone will be perfect after it, of course, but you will be more likely to have them understand operational side of things with experience

Reply

[-]

wisbballfn15@reddit

Lol wow you guys are salty sometimes. If you want to understand what the script does, then read the script. If you have reason to believe the suggested method of remediation is inadequate, then state your case. If you think a security team can be replaced by a Nessus scan, it just proves how naive you are in your career still.

Reply

[-]

Psychodata@reddit

The point is that this security team member didn't do the diligence they should. If all they are doing is blindly seeing a vulnerability detection and giving Google search results, it really isn't that different from Nessus scan

Reply

[-]

Psychodata@reddit

Which, for example, I've had BOTH Nessus AND security team members insist our servers had a vulnerability, because they could "verify it" for a specific software that wasn't installed. But the"verification" was just a url path and verifying version numbers of a dependency. It was how Specific Software ABC was using the dependency version XYZ that was the problem. So it was a bad detection rule, and they SHOULD have looked HOW it was verifying it and marked it N/A

Reply

[-]

Getoutofmylaboratory@reddit

Reply that you're too smart to fall for his Phishing test

Reply

[-]

Psychodata@reddit

Oh I've literally reported some of the nonsense requests I've gotten as compromised accounts, because that is the only reason someone would be asking for something this dumb

Reply

[-]

Psychodata@reddit

Omg, and it's gotten SO much worse with AI. Security and just newer IT ready to let AI vibe code out 2000 line script, and just run wide open on Prod. No understanding WTF it does inside

Reply

[-]

unsolicited_dreams@reddit

Chief, i dont think u need one day if sysadmin experience to know not to run random shi on prod.. this is like cybersecurity theory 101

Reply

[-]

thortgot@reddit

No is a full sentence.

Reply

[-]

notospez@reddit

Lol, did that just a couple of days ago. "We've been trying to get your team to do XYZ for months blabla complaint complaint complaint nobody ever listens". "Yes I know and the answer is no. We're never going to do what you asked. No matter who you escalate to. Now that we have that out of the way, can we work together to see if we can find another way to achieve the desired result?"

Reply

[-]

DarraignTheSane@reddit

OP could expand on it in this instance. "No. Thanks for testing our team's security awareness."

Reply

[-]

JaschaE@reddit

"Fuck No!" might be a professional reply in this instance.

Reply

[-]

1cec0ld@reddit

I'm going with 'what the fuck? no'

Reply

[-]

dark_gear@reddit

Robin Williams as a sysadmin. [https://www.youtube.com/watch?v=LluJqqTEFys](https://www.youtube.com/watch?v=LluJqqTEFys)

Reply

[-]

Chehalden@reddit

ah man that made my day!

Reply

[-]

pizzacake15@reddit

I've always said this to my collegues that Cybersecurity covers a lot of IT specializations from infra to software development and some odd jobs.

Reply

[-]

No_Promotion451@reddit

Bet that's your CEOs kid , doing random stuff for work experience

Reply

[-]

cjcox4@reddit

"AI says the script is ok to run everywhere."

Reply

[-]

Talesfromthesysadmin@reddit

🫡🫡🫡

Reply

[-]

hosalabad@reddit

Sure thing, please itemize the function carried out by each line of the script.

Reply

[-]

loganmn@reddit

Our new security analyst is fresh out of school... I have had to advise him what industry we are in, who the executive team are, and how to tell where offices are, and it's becoming tiring. He is flinging out emails that look like phishing, without actually realizing it himself. At some point, I'll try to explain office politics and culture, but he's very enthusiastic, so I'm gonna let him run for a while to see what happens....

Reply

[-]

phoenix823@reddit

We had a similar dynamic going on. We have a small sysadmin team that's overwhelmed with the amount of backlog work, legacy systems, escalated tickets, and vulnerability remediation tickets. The InfoSec guy has been throwing fits for months about "why aren't all these tickets getting done ASAP? This is security and this is important!" And no amount of "they're doing the best they can with what they have" would shut him up. So I have a conversation with the CTO. We figure we've got good backups. InfoSec guy is making good money. Let's give him access to do the remediation himself and he can direct all the tickets to his own queue. What used to be a game of telephone "why is XYZ package on this server" going from InfoSec to SysAdmin to a developer is now entirely his problem. God that was so satisfying.

Reply

[-]

oni06@reddit

Yeah but does he follow change control processes when he “remediates” these servers.

Reply

[-]

phoenix823@reddit

Oh yes, he was fully deputized into all the Sysadmin practices much to his chagrin.

Reply

[-]

baaaahbpls@reddit

Getting assigned directly to me instead of queue grinds me. We have specialties and SMEs, so send it to queue and it will be assigned to someone who can help.

Reply

[-]

WilsonGeiger@reddit

Unfortunately it's not even kids in a lot of these situations.

Reply

[-]

geegol@reddit

And this kid works on the cybersecurity team? Wow.

Reply

[-]

bitslammer@reddit

While I tend to agree, and can't imagine how I would have done all the things I've done if I hadn't done things like Novell Admin to building server to configuring routers and switches, I've worked with many people who came from other areas who were great to work with. They were aware of the areas they didn't know and acted accordingly. In your example it sounds like you have someone with really no experience and who also is unaware of their limitations. To me that last bit is the real issue, not the lack to sysadmin experience

Reply

[-]

RoloTimasi@reddit

I agree that people can come from other areas and be successful, but most should really start on the support, admin, and/or engineering side before they get to the architecture or security side. I have worked with “solution architects” who didn’t really understand what they were designing and “security analysts” and a CISO who had little understanding of the actual impact of the policies they were pushing.

Reply

[-]

cederian@reddit

That was my path... I went from Help Desk -> SysAdmin -> Virtualization (VMware/Citrix/Xen) -> Cloud/Infra Architect -> Lead Security Architect. Every step in my career path teached me something important and that's why I "surpased" my peers (in the same company) or moved to another one for a better role.

Reply

[-]

NoSelf5869@reddit

> In your example it sounds like you have someone with really no experience and who also is unaware of their limitations. To me that last bit is the real issue, not the lack to sysadmin experience No, the problem is that the dude clearly doesn't understand how computers work. Helpdesk -> sysadmin would be good progression to gain it.

Reply

[-]

skotman01@reddit

Security manager here, with decades of sys admin and infrastructure experience…it floors me daily the things that come out of my peers and bosses mouths. I spend most of my day making sure security doesn’t arbitrarily give the other side of the house useless work. The other side of the house loves me because I take the time to explain it, and my guys know I’ll come down on them for asking someone to do something they don’t fully understand. And automation? Yeah that’s a failure all around.

Reply

[-]

smg8088@reddit

Reminds me of the IT Security team at my last company. They got all the funding and most of them were pretty terrible at their jobs. Pretty much anything technical got sent to the SysAdmin team because they didn't know how to actually implement anything. The war between Security and Systems got so bad my director finally quit after 8 years at the company. Worst Security team I've ever seen in over a decade working in IT.

Reply

[-]

I_COULD_say@reddit

My only real gripe with info sec is how they expect you to drop everything and fix their thing ASAP but if you request anything from a service / app they own, it takes them a week to get to it.

Reply

[-]

Resident-Artichoke85@reddit

The ticket would be rejected and both of our supervisors notified that this is unaccepted. We don't run random crap scripts from the Internet for grins and giggles.

Reply

[-]

halford2069@reddit

baffling how most have no programming experience either

Reply

[-]

Ansible_noob4567@reddit

We got a fkn intern doing pen tests. We dont have security. We have the illusion ofit

Reply

[-]

gordonv@reddit

**Same Kid:** Oh, a random pill on the ground. I'm going to eat it.

Reply

[-]

blissed_off@reddit

I have a hard time respecting infosec and it’s because of dumb shit like this.

Reply

[-]

newbies13@reddit

Everyone on my security team is basically an expensive copy and paste button between security scanner and ticketing system... I've pitched replacing the whole team multiple times and been told by the CISO that he super swears they are actually doing more... somewhere... somehow... But swear to god they can't even do that sometimes, I got an email recently that was literally a screenshot of a line graph and a subject of "Zero day remediation progress" .... uhhh cool man... coooool.

Reply

[-]

Dry_Common828@reddit

Yep. This is why us old hands keep saying that security doesn't have entry level roles as such, you need a few years as a sysadmin, or network engineer, or developer, or auditor. That way you get to understand what's going on - it's an old saying but a true one, that you can't secure what you don't understand.

Reply

[-]

mycall@reddit

Depends what type of Cybersecurity you are talking about. RF attacks can take various forms, including jamming, replay attacks, and command spoofing, DDoS or C2 usurping. Protocols like Bluetooth Low Energy (BLE), Zigbee, and Wi-Fi are particularly vulnerable, as demonstrated by past exploits such as SweynTooth, BlueBorne, and KeySniffer.

Reply

[-]

Siritosan@reddit

![gif](giphy|VzkTZ1DFYeBY5ZId6j)

Reply

[-]

GiarcN@reddit

Report it as a security breach/phishing attempt. “This user is attempting to have me run untested/unauthorized scripts”

Reply

[-]

Lekanswanson@reddit

Me starting as a Junior in cyber security without ever being a sysadmin, takes this post personally 😂😂 Been working as a Network support engineer for last 2 years though so hopefully that will help the transition lol Funnily enough I came from a software dev background so this is new area for me but I'm looking forward to it

Reply

[-]

Typical-Sale-1891@reddit

Comment the script out and send it back. Say this script was run, but nothing happened. See is they catch on.

Reply

[-]

The_Wkwied@reddit

"Hey, I know you found this script online, but can you explain everything to me like I'm a bloody moron who runs scripts that I find online, line-by-line? Just so that we both know that *YOU* know what this script is going to do. Wait, huh? You don't know what the script does? Neither do I, and our company doesn't run scripts that we find online that we don't know what it does."

Reply

[-]

lordjedi@reddit

> Links to some random blog post, script requires some package dependencies to be installed, script ends with a reboot command, bunch of cURLs & chmod’s in it. Point and laugh. As a security guy, he has no business asking you to do such a thing. "If you don't know what the code does, you don't run it until you do".

Reply

[-]

thehalpdesk1843@reddit

I was just ranting to my boss about this yesterday. I work on a security team and at my place i have several people on our deskside support team and one on my security team where its very obvious they don't have a clue what they are doing. They chatgpt/copilot almost everything and are unable to speak in depth about anything when you give them push back/ask them for clarification. I'm not sure if others are experiencing this but its starting to become a real problem.

Reply

[-]

slippery_hemorrhoids@reddit

Sounds like he's perfect for security.

Reply

[-]

Pyrostasis@reddit

![gif](giphy|2XflxzCQnpPwIzcLVxS) Upper management written all over him!

Reply

[-]

1esproc@reddit

CSO in 5

Reply

[-]

ipreferanothername@reddit

i get alerts when i modify a gpo we get tickets when old legacy servers are missing some random old patch i dont get anything when the security teams apps are out of date, or their legacy AV is still running, or their certificates are non existent.

Reply

[-]

extremetempz@reddit

I'm in Sec now, however I did infra for 4 years before moving. I've only started recently but I've tried to not burden my infra guys so I do my own remediation. I usually bring it up in standup say in the next couple of days I will put this in PRD, most of the time they have questions about what it might affect but that's about it.

Reply

[-]

therealatri@reddit

I would just say ok and not tell them that those machines don't exist

Reply

[-]

xxDailyGrindxx@reddit

I haven't had that problem, since we've installed security solutions in our environments, but my biggest frustration was "SecOps" folks assigning me me tickets to review/comment/address their security scans without reviewing it themselves which, in at least half the cases, would have been self evident...

Reply

[-]

Frothyleet@reddit

Run it through change management, and mention the process issue to your boss, so he can take it to the kid's boss to make sure he understands how those requests are supposed to work.

Reply

[-]

moffetts9001@reddit

My infosec team is too busy blindly assigning rapid7 and defender for cloud remediations to have any time for tasks like this. They can run their own StackOverflow code.

Reply

[-]

Renek@reddit

All of the best pen testers are former help desk, sysadmin, networking, or software developers. You can't break it until you know how to build it.

Reply

[-]

TheRealJackOfSpades@reddit

The best way I've seen to get a secrurity team is through finance. * If security asks anyone else to do work, they pay for that person while they do the work. * If security remediation causes outages, performance degradation, etc., they pay for the lost production. * If there's a breach, security pays the cost. It forces the security manager to assess risk and benefit and make rational decisions. As a former manager, "it's coming out of your budget" is a powerful phrase.

Reply

[-]

scriptmonkey420@reddit

Someone wanted to increase the SMS magic link timeout to 20min from 5 min. I strait up said no. Got lots of push back but I would not budge. People are so ignorant of actual security.

Reply

[-]

Generico300@reddit

There is a glut of incompetent "security" bros because it has now been many years since it became one of the sectors that people are told pays well when they're trying to decide what college program to take.

Reply

[-]

nestersan@reddit

Nothing like the emergency request to fix a zero day for something not even in your environment.....

Reply

[-]

technicalityNDBO@reddit

We got dinged on a Pen-test for not having Dynamic ARP inspection on our Catalyst switches. Dude literally says that it's an easy fix and it's usually "just ticking a box on the router"..

Reply

[-]

_Insightful@reddit

I can’t tell you how many times I’ve worked with my security team only to realize how dumb they are in other categories of IT. Like sending me random AWS commands for rotating the encryption key on an EBS volume, only to find out they pulled it from Copilot, which doesn’t take into account that EBS volumes can’t just be key rotated and require you to snapshot them, recreate them with the new key, then stop the instance to swap volumes.

Reply

[-]

baconthyme@reddit

Open a ticket with the security department saying there's an obvious case of stolen identity/credentials and lock his account out at the same time. Reason is that no one in security would ever ask someone to do that in real life. Make him justify his actions.

Reply

[-]

flunky_the_majestic@reddit

Have you considered he might be a young go-getter taking the initiative to start his own red team program?

Reply

[-]

e_karma@reddit

That is how request to shut down DNS service on a DNS server happens

Reply

[-]

BigBobFro@reddit

Oh my hell. Even if only a junior analyst tried to do this on my team,.. id transfer him back to help desk so fast,…. Hed think he was in a time machine. Script like that,.. every package and every curl is documented and evaluated before even running in a sandbox.

Reply

[-]

HerfDog58@reddit

You have a security TEAM?

Reply

[-]

Cheomesh@reddit

Larger organizations tend to. Mine does, of which I am a member.

Reply

[-]

HerfDog58@reddit

I'm certain almost EVERY workplace has some kind of security person these days. My employer, with over 5000 end users, has a few people that do some kind of "security" tasks, but not a dedicated person or team. I should have put a "jealous" emoji on the end of my response ;-)

Reply

[-]

Cheomesh@reddit

Hah fair

Reply

[-]

Hotshot55@reddit

We have multiple security teams.

Reply

[-]

HerfDog58@reddit

MULTIPLE teams??? Holy Crap, my workplace doesn't even have a dedicated PERSON. We've talked about hiring one for a few years, but we just entered a budget cycle with a mandated hiring freeze.

Reply

[-]

Joe_Dalton42069@reddit

This is obviously a test op :D

Reply

[-]

catwiesel@reddit

"No. And dont ever come to me or anyone else again until you explain to me, in detail, why I said no."

Reply

[-]

kosta880@reddit

He didn’t say please… so.

Reply

[-]

brianozm@reddit

Ir would depend a lot on what the script does. Is it fetching something and installing it? What is it supposed to be fetching and what does that do? How can you/your sysadmin verify the script and how can you verify the file being fetched? Is there a signature for the valid file? Wouldn’t this be something the development team handles in conjunction with sysadmins?

Reply

[-]

Such_Reference_8186@reddit

And he is still working there?

Reply

[-]

Affectionate_Ad_3722@reddit

Yes, why not? Teaching and training is cheaper than re-hiring.

Reply

[-]

Lost-Droids@reddit

Sure, however please complete this risk assessment and very for assessment for every package and the entire script including the 3rd party external pen test we get before running anything

Reply

[-]

GeekgirlOtt@reddit

This is when you start fighting to get a change control scrutiny process established. I'd also be worried this kid has his account hacked, do I'd be approaching him to talk in person... ensure it's legit from him and find out what he was thinking / give him the lay of the land (rules).

Reply

[-]

I_T_Gamer@reddit

We do not support our environment in vacuum. I would schedule random reboots on this persons machine. Just so they can get a feeling for what a reboot can do to a user's daily routine..... ![gif](giphy|elsol3P5Jt2ASsxLva)

Reply

[-]

marklein@reddit

To give another perspective, that's part why the sysadmin team exists; To turn the fever dreams of other departments into functioning reality, when possible, and to tell them 'no' when it's not. The sales team doesn't understand why open RDP on the internet is a bad idea *and doesn't need to* because they have your guidance. The security team is really no different. Bonus points for a sec team that DOES have admin understanding, but you can say that about all departments.

Reply

[-]

Elminst@reddit

Assign it back to the team queue and tag their manager in it.

Reply

[-]

radraze2kx@reddit

Ahhh the next generation script kiddies have reached hiring age...

Reply

Reply to Post

343 Comments