About to record a middle school band concert.

@mlnews said in Miscellaneous Tech News:

Microsoft issues urgent security warning: Update your PC immediately

Microsoft is urging Windows users to immediately install an update after security researchers found a serious vulnerability in the operating system.
The security flaw, known as PrintNightmare, affects the Windows Print Spooler service. Researchers at cybersecurity company Sangfor accidentally published a how-to guide for exploiting it. The researchers tweeted in late May that they had found vulnerabilities in Print Spooler, which allows multiple users to access a printer. They published a proof-of-concept online by mistake and subsequently deleted it -- but not before it was published elsewhere online, including developer site GitHub.

Have we not known since the beginning of time that printing is evil?

Continue reading DNS and BIND.

Heard about this article on a Crosstalk Solutions video today:

https://www.bleepingcomputer.com/news/security/former-ubiquiti-dev-charged-for-trying-to-extort-his-employer/

I look forward to the day where I might be supporting a FreePBX system rather than Altigen MaxCommunication Server 8.

@IRJ Bonam fortunam!

My Dell R310 has arrived

This has been such a great thread to read, as I can empathize with @wirestyle22 with the knowledge and self-expectation problem. And I can empathize with the OP with trying to determine a direction.

@scottalanmiller said in What Are You Doing Right Now:

Some serious silliness.

https://community.spiceworks.com/topic/1986356-full-disk-encryption-with-no-pre-boot-password

Wow. I wonder if this would go in the server room that has the locked door that you can open without using any kind of key.

Application for the LLC has been submitted. I ended not up not creating a separate document for the Articles of Orgnization, as the Georgia Secretary of State Corporations Division has an online form for creating a new business. Only tricky part was making sure you do your signature as a member (owner) rather than just an organizer.

Now I wait.

@scottalanmiller Post comes across to me as inexperienced and not really getting what the actual problem is; however, the tone and attack pattern used is unacceptable. You were in the right to return him to reality.

Eddie Jennings Services, LLC now exists.

<vent>
"I've been doing $task for $amountOfTime" does not always equal knowledge/understanding.
</vent>

After reading critiques from the past and getting to know some folks in the community, I've learned that I can trust folks' opinions to either provide good guidance or at least point me in the right direction; thus, I'd like your opinions on a recent re-write of my resume.

Edit:
Version 1
Version 2
Version 3
Version 4

It took a while to just express stuff on paper (normal for me as a writer), and I look forward to what it becomes with my own edits and your folks' suggestions.

Background
I changed careers from public school teaching (middle school band director for eight years) to IT four years ago; thus, this is my first resume solely based on IT, rather than being a "career changer's resume." One major thing with which I've struggled is determining what skills to and not to list, as I don't want to give the impression I'm a master of X, yet at the same time, I'm not completely clueless. I imagine a reader of the resume will see only a few years of IT employment and make the assumption that I cannot possibly have the same level of skill as a 10 year veteran.

Explanations
I also struggled with the "Freelance IT Professional" section. Over two Thanksgiving holidays, I aided a friend of mine with some network work for the Town of Appalachia government. I, myself, was not hired by the town. In the scheme of things, the work wasn't significant; however, I'm operating on the premise of being able to show some experience is probably better than no experience.

End Goal
As my ML profile indicates, I want to know (and do) all t3h thingz; however, the reality is there simply aren't enough years in a lifetime to learn everything I'd like to learn. Over my first four years in IT (the last year really being awakened to what "real" IT is), I've determined that doing pure 100% networking isn't what I want to do (despite my training from technical school and couple of certs), neither is 100% help desk / end-user support. I'm wanting to move in the direction of systems administration within a Linux environment.

At least in the Atlanta area, it seems unlikely for me to land some kind of junior Linux administration position from which to grow; however, I do need to take into account that most job postings are fake. Ideally, I can land such a position, but if not, then my next position would be one with more system administration and less help desk responsibilities, while I continue learning Linux skills on my own.

@NerdyDad said in What Are You Doing Right Now:

@EddieJennings said in What Are You Doing Right Now:

@NerdyDad said in What Are You Doing Right Now:

@EddieJennings said in What Are You Doing Right Now:

@NerdyDad No, epic win. I was curious to see how Dokuwiki was receiving group information, so I put Wireshark on to view the traffic and try to gain some insight. What I discovered was the aforementioned credentials-in-the-clear problem. Had I not been curious about something else, it would've probably taken me a while to realize this problem was happening.

Win for you, fail for Dokuwiki for not properly setting up encryption before sending authentication credentials, such as SSL.

Now that being said, I'm not using https right now. I think even if I did configure SSL, which would encrypt traffic from me to dokuwiki, traffic from dokuwiki to my domain controller would still be unencrypted.

That is true. However, with Kerberos, it would be one more level of security instead of open creds. But lets look at the bigger picture here. We're inside of your network already. What is being kept on this wiki? How-to's? Not really that important. So probably don't need Kerberos security on a bunch of security manuals. If your users are using wireshark to try to get them into your wiki, then you either need to hire them into the IT dept or fire them. Your choice.

Ha! Alas, most of my users (other than the IT folks themselves) who'd be using this probably don't know Wireshark exists. Stuff that in a bunch of text files on our IT share is going into the wiki, and I can control access to pages from within Dokuwiki, as I don't think the average sales person needs to the see a document of "How to configure the web server."

At this point, my quest is more of curiosity and learning of what traffic is visible when folks authenticate on their workstations against AD.

@Dashrender
It's all a part of my grand plan to be mentioned on a ML review video

On another note, home DNS server is now functional, so back to editing and job searching.

@RojoLoco All. When you major in saxophone you have play everything, but most of my time was spent on alto and tenor. I played only tenor through middle school and most of high school.

Yeah. I was focused on how MS Office development could possibly be related to the titles listed.

Or maybe a 4th option and figure out how to authenticate against AD using kerberos.

I might have read the tone of your post wrong, but I feel compelled to share my philosophy on certs.

"Chase the skill, not the cert."

Take some time and effort to think through some goals ("Cybersec world" is quite large). Afterward, think through the skills you need achieve the goals. Lastly, determine how to develop the skills. That step is what leads you to find a cert that can provide a curriculum for learning what's necessary to develop the skills.

For example.

So now I have made up my mind to pursue both CISSP and CCSP. I read that CCSP is a nice compliment to CISSP even though most of CCSP information overlaps with some of CISSP.

If you haven't done so already, be able to describe what specifically you hope to learn from going through those certs, and how it helps you achieve the $goal. If you can already describe this, great! If not, you might save yourself some time and money by taking a step back and thinking stuff through, which it sounds like you did with the Fortinet certs.