I am thrilled to announce that I like this comment!
October 28, 2025 at 3:52 PM
I am thrilled to announce that I like this comment!
Or is today the best day to make changes to prod since you have a scapegoat?
October 20, 2025 at 7:11 PM
Or is today the best day to make changes to prod since you have a scapegoat?
IMO outsourced SOC can be a terrible idea. Many vSOCs are low quality and do not care about architecture, and the company forgets. There are always massive blindspots, and the focus becomes stasis and service delivery, not security improvement
September 13, 2025 at 12:00 PM
IMO outsourced SOC can be a terrible idea. Many vSOCs are low quality and do not care about architecture, and the company forgets. There are always massive blindspots, and the focus becomes stasis and service delivery, not security improvement
An increasingly relevant movie
Idiocracy Electrolytes GIF
ALT: Idiocracy Electrolytes GIF
media.tenor.com
August 20, 2025 at 1:36 PM
An increasingly relevant movie
August 19, 2025 at 12:58 AM
We used to have to manually take snapshots and manually replicate them to other regions, especially if we wanted RDS to stay longer than 35 days.
Detailed WAF logs to S3/CWLG required a firehose lambda to manually process each batch of events. (SES still does!)
Detailed WAF logs to S3/CWLG required a firehose lambda to manually process each batch of events. (SES still does!)
August 13, 2025 at 12:44 PM
We used to have to manually take snapshots and manually replicate them to other regions, especially if we wanted RDS to stay longer than 35 days.
Detailed WAF logs to S3/CWLG required a firehose lambda to manually process each batch of events. (SES still does!)
Detailed WAF logs to S3/CWLG required a firehose lambda to manually process each batch of events. (SES still does!)
IMO the issue is CloudWatch pricing. Sending them to S3 can be relatively cheap, especially with the right storage tier. CloudWatch is ~25x S3 base per month, and you pay that on ingest too. We always turn them on and send to S3 for compliance, but they are never used
August 5, 2025 at 1:45 AM
IMO the issue is CloudWatch pricing. Sending them to S3 can be relatively cheap, especially with the right storage tier. CloudWatch is ~25x S3 base per month, and you pay that on ingest too. We always turn them on and send to S3 for compliance, but they are never used
That's what I thought! But somehow it was active in another tenant that was supposedly created at the same time as mine. Maybe the verification code was the same and I verified the other? Very odd. I just realized I still have the screenshots too haha
July 25, 2025 at 10:36 PM
That's what I thought! But somehow it was active in another tenant that was supposedly created at the same time as mine. Maybe the verification code was the same and I verified the other? Very odd. I just realized I still have the screenshots too haha
Glad you were able to help him! When setting up my tenant in 2019, the sign up page had a bug that double created tenants, effectively locking my domain. It took ~8 hours of phone calls to convince MS that there was a bug! I don't know what a non-tech person would have done. Try GSuite instead? 😄
July 25, 2025 at 12:16 PM
Glad you were able to help him! When setting up my tenant in 2019, the sign up page had a bug that double created tenants, effectively locking my domain. It took ~8 hours of phone calls to convince MS that there was a bug! I don't know what a non-tech person would have done. Try GSuite instead? 😄
Which btw the top of my wish list is for the org creation UI to encourage creation of a new account instead of promotion of the existing one
July 16, 2025 at 2:17 PM
Which btw the top of my wish list is for the org creation UI to encourage creation of a new account instead of promotion of the existing one
I run into this a lot when orgs promote their sole prod account to an org mgmt account. They half migrate and get stuck on buckets and then call me. This would help a lot! One concern is a threat actor doing this, but that is low risk imo because they can already empty a bucket etc.
July 16, 2025 at 2:15 PM
I run into this a lot when orgs promote their sole prod account to an org mgmt account. They half migrate and get stuck on buckets and then call me. This would help a lot! One concern is a threat actor doing this, but that is low risk imo because they can already empty a bucket etc.
Nice write up. I noticed you say that the admin consent workflow requires Entra ID P1. Is that true? I might be just missing it, but I cannot find it in the docs or on the licensing map.
June 29, 2025 at 5:12 PM
Nice write up. I noticed you say that the admin consent workflow requires Entra ID P1. Is that true? I might be just missing it, but I cannot find it in the docs or on the licensing map.
It's way over-hyped on the sales side. Highly sensitive use cases may care if their data may be captured today for decryption in the future, especially if the traffic is traveling through foreign nodes. But that's probably a niche market and doesn't justify a third-party solution IMO
June 9, 2025 at 7:28 PM
It's way over-hyped on the sales side. Highly sensitive use cases may care if their data may be captured today for decryption in the future, especially if the traffic is traveling through foreign nodes. But that's probably a niche market and doesn't justify a third-party solution IMO
They said their content moderation strategy is AI. They forgot to mention that AI stands for Acting Irresponsibly
June 6, 2025 at 11:10 PM
They said their content moderation strategy is AI. They forgot to mention that AI stands for Acting Irresponsibly