They should be required to do audits and pen testing yearly due to requirements of government systems. It sounds like SolarWinds worked with pen testing firms that just gave passing grades. Sometimes organizations purposely hire bad security talent so they don't get exposed as doing a bad job. Some security firms are just happy to get a big customer's pay check, especially when they just give a thumbs up with no work being done.
Posts made by IRJ
-
RE: Solarwinds Blames Intern for Laughable Password
-
RE: Sell the business??
@scottalanmiller said in Sell the business??:
@IRJ said in Sell the business??:
@Dashrender said in Sell the business??:
@wirestyle22 said in Sell the business??:
@siringo said in Sell the business??:
I am the sole support person for a medical clinic business. I've been supporting them for around 7 years.
When I started it was a simple 2 server business with 1 external site and in house Exchange.
Now they have 7 sites and all the things that go along with that.
I'll be wanting to get out of this IT game in about 4 years & spend my days on the beach.
So the question is, how do I go about finding someone to take over the support of this client without doing myself out of a job & income before my beach days arrive?
It's not just about trying to find an alternate support solution for what happens in 4 years, it's for now mainly, due to me being the only person who knows their entire IT setup. If I get hit by that bus, they will be in trouble.
The business has sites in rural areas which from time to time will require on site visits, so more than online only support will be required.
Should I sell the support service as a business? If so, how do you work out what it's worth?
Just interested to hear the thoughts of others.
I'd probably create as much documentation as humanly possible and hand it over to an MSP that you vet. Getting rid of the single point of failure (you) is important. Your documentation is what dictates how smooth the transition will be.
huh - Not sure I'd give it to the MSP - instead give it to the business, let them decide who it needs to go to... if you can be part of the vetting process for your replacement, great, if not, not your concern.
I agree with you dash. Who gives a fuck if you're retiring and hand over documentation.
Well, his job NOW is to care. So he's doing the right thing. Once he leaves, sure, THEN he doesn't care. But until he actually does leave, he's paid (presumably) to care a lot and that's what he is doing. So this is the perfect discussion to have now.
I did say to hand over documentation. It sounds like he doesn't even have that. We all agree that documentation is his job. So that he can walk out the door one day and not care what happens after that moment. He can feel confident giving the company documentation that is well written and available for anyone.
That's why I said hand over documentation. Other than that don't give a fuck because as you and I mentioned the "company" is worth zero. So why put in any effort into finding a replacement. Someone will always take the work.
-
RE: Sell the business??
@Dashrender said in Sell the business??:
@wirestyle22 said in Sell the business??:
@siringo said in Sell the business??:
I am the sole support person for a medical clinic business. I've been supporting them for around 7 years.
When I started it was a simple 2 server business with 1 external site and in house Exchange.
Now they have 7 sites and all the things that go along with that.
I'll be wanting to get out of this IT game in about 4 years & spend my days on the beach.
So the question is, how do I go about finding someone to take over the support of this client without doing myself out of a job & income before my beach days arrive?
It's not just about trying to find an alternate support solution for what happens in 4 years, it's for now mainly, due to me being the only person who knows their entire IT setup. If I get hit by that bus, they will be in trouble.
The business has sites in rural areas which from time to time will require on site visits, so more than online only support will be required.
Should I sell the support service as a business? If so, how do you work out what it's worth?
Just interested to hear the thoughts of others.
I'd probably create as much documentation as humanly possible and hand it over to an MSP that you vet. Getting rid of the single point of failure (you) is important. Your documentation is what dictates how smooth the transition will be.
huh - Not sure I'd give it to the MSP - instead give it to the business, let them decide who it needs to go to... if you can be part of the vetting process for your replacement, great, if not, not your concern.
I agree with you dash. Who gives a fuck if you're retiring and hand over documentation.
-
RE: Sell the business??
@black3dynamite said in Sell the business??:
@siringo said in Sell the business??:
If I get hit by that bus, they will be in trouble.
That's not good, how up to date is your documentation, disaster plans, etc...
Yeah basically if you do these things you don't have to worry about what happens when you retire to the beach.
I doubt you can sell them as a client. Maybe if you had tens of clients you could sell the business. But with one SMB client, it's not worth much.
If that customer decides to cancel then they would lose everything you sold them. Which is why no one is willing to buy one SMB client. I'm sure you can find someone who can take over for free, but I'd only worry about that on my way out.
-
RE: Notification mail in linux?
@Pete-S said in Notification mail in linux?:
Or is email perhaps not a good way to get notifications when there is a problem?
Maybe email in this manner is old-skool and it would be better to use something else?
Like external log server, system monitoring (Zabbix) perhaps?
Yeah I would use SIEM. Then you'd create and manage your alerts from there. You could send to email, slack, etc.
You can use postfix for alerting as JB mentioned. I use postfix on my personal servers because I don't manage enough to justify a SIEM.
-
RE: Oracle Linux Installation and performance seems insanely bad
@DustinB3403 said in Oracle Linux Installation and performance seems insanely bad:
Just because something may be supported, doesn't imply that it is support.
-
RE: What do you use for petabyte storage?
@DustinB3403 said in What do you use for petabyte storage?:
I just use the empty space in between Obsolece's ears
I tagged him because you're too scared to do it.
-
RE: MPLS alternative
@hobbit666 said in MPLS alternative:
@scottalanmiller said in MPLS alternative:
1990's LAN-based thinking. Modern networks with security are zero-trust (aka LANless) in design and VPN/MPLS would not serve any purpose.
I'll put my hand up and agree this is me, but will be looking at LANless/zero-trust on Monday and learn what it means fully.
Yeah that's really the only route to go anymore
-
RE: Creating email signatures?
Use text only. You don't want any images or formatting.
-
RE: Security Information Event Management (SIEM)
@JaredBusch said in Security Information Event Management (SIEM):
@IRJ said in Security Information Event Management (SIEM):
I'm surprised nobody has mentioned elastic yet.
There's an open source version and a free version (more features).
I did not mention it intentionally.
Because it is too complex to use as a SIEM unless you already know a lot about it.
Elastic basic (free) is pretty simple. Open Source version requires a bit more knowledge and integration
-
RE: Security Information Event Management (SIEM)
I'm surprised nobody has mentioned elastic yet.
There's an open source version and a free version (more features).
-
RE: Is Open Source Really So Much More Secure By Nature
@DustinB3403 said in Is Open Source Really So Much More Secure By Nature:
The point of bring in someone like myself, @JaredBusch
-
RE: Anybody interested in doing ML Secret Santa?
Thanks to everyone that participated.
It was fun, however one person did not receive a gift. Can we please make sure that gift gets out. Please add tracking to elfster once sent.
@JasGot @JaredBusch @Aaron-Studer @Dashrender @EddieJennings
Thanks guys and I hope to do it again next year.
-
RE: I bypassed my jobs security restrictions...
@ls_tech said in I bypassed my jobs security restrictions...:
I used my knowledge to bypass these things and learn about the way the network structure works (they blocked the network map), which is very interesting to me considering it is a private A-class IP, so I took interest in what I can see within my company's network, like the forestroot.local (Host). Today I accessed the control panel and found som, and found there's 5 primary DHCPs/sites it changes between) I found interesting ways to get around some of the administrator restrictions functions they missed to block (I decided to optimize thin-client for performance, seems to have made a difference), which I assume they can't simply block because it's local settings, but it gives viewing rights even in security logs (so many different users on these logs). I'm curious if an administrator finds my logs of the different accesses I've been through. Am I risking termination or is a curious mind good for their security? Recently we upgraded our systems to Windows 10 and I was the one to be the bug tester and work with IT on everything.
Did you really bypass anything? Other than seeing DHCP servers, which is easily done by checking your ipconfig. What have you actually done?
I'll be honest, if I'm IT and somebody comes rambling to me like this, I'm just going to ignore it.
I do think it's awesome how you are trying to learn how things work, and it does seem like you have some knowledge. However, I think you have more studying and learning to do before you think about breaching networks and reporting security issues.
Everyone has to start somewhere and you seem to be learning fairly quickly for Helpdesk. Just keep your head down and keep learning, you'll be there soon.
-
RE: Miscellaneous Tech News
@Danp said in Miscellaneous Tech News:
GoDaddy wins our 2020 award for most evil company email
What's the cruelest prank you can make on employees who are struggling during a global pandemic when millions of people have lost their jobs or lives? GoDaddy - a web domain registrar once best known for its sexist advertisements - tried to find out when it sent employees a fake email informing them they'd receive a $650 holiday bonus.
There is nothing cruel about doing a phishing test. Using monetary rewards is also quite common.
-
RE: Azure or 0365?
@scottalanmiller said in Azure or 0365?:
I'd be pretty okay hiring someone with only a cert in O365, it's not touching infrastructure. But hiring someone with only a cert in Azure would be pretty scary.
And that's exactly what I said earlier, it's much easier to get a junior level position that utilizes O365
-
RE: Azure or 0365?
How many times have we had this discussion of you asking what to learn? We go back and forth about it and you never end up choosing either path or learning anything.
You also aren't new to IT anymore. You should know these concepts by now.
Asking questions and making conversations is great, but shut up and learn also works well. Nobody is going to spoon feed you information. You can go to Udemy like everyone else and buy a course on a subject you want to learn for $15. Go through that course 2 or 3 times then come here and start asking questions.
You'll get better answers when you ask specific questions and have some knowledge on topics.
Not trying to be mean at all. It's just time to get out of the high chair and take off the bib.
-
RE: Azure or 0365?
@Obsolesce said in Azure or 0365?:
@IRJ said in Azure or 0365?:
@Obsolesce said in Azure or 0365?:
It doesn't matter where u are at your job. Your job and career are two totally separate things. What do YOU want to do? Do you love email and AD? Is that what you want to deal with? Then sure, steer your career that way.
I disagree with you here, bud. You can from hardware grunt to DevOps engineer. You gotta take some steps in between.
If you are a car mechanic, and want to become a surgeon, do you start with learning heart surgery or start with the basics?
Let's try this one...
If you're a grunt changing oil at tire kingdom and you want to do custom builds for people, you don't learn about body work and painting until you've mastered mechanics.
Do people who do body work and custom paint jobs make wayyy more money... Yes they do. Should he strive to be that? Yes
But you can only take logical steps to get there. You could learn basics of painting a car or you could learn how to troubleshoot fuel related issues in a car. Which one of those will provide a better stepping stone and still be relevant to building custom cars and allow you to advance to next level? You need to understand fuel troubleshooting to become a Ford/Honda/whatever mechanic.