@j2k3k It is a double-edged sword. My rule of thumb is to only ingest based on a detection use case. However, there's the bit of forensic probability and compliance requirements.
@chrissanders88 Check repo commit history, identify possible compromised accounts,
Analyse historical A records associated with the DNS using any dnsdb tools, identify possible adversary infra,
Using the Internet Wayback Machine, check the archived suspicious JS script. Mal analysis: pivot intent
@chrissanders88 Two approaches:
i. From a memory dump, use Volatility to pivot and identify any other parent-child relationships. Carve out the suspicious rundll32.exe process for further analysis.
ii. Procmon logs:
Identify all the process, file, and network relationships from the rundll PID.
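The Procmon step above, as an added example that is not part of the original thread: a small script that reads a Procmon CSV export (the default columns from File > Save > CSV), finds who created the rundll32 PID, and walks outward from that PID to collect the child processes it spawned, the images it loaded, the files it touched, and the network connections it made. The events in SAMPLE_CSV are constructed for illustration; the operation names ("Process Create", "Load Image", "CreateFile", "TCP Connect") and the "PID: n, Command line: ..." detail format follow Procmon's own export conventions.

```python
import csv
import io
import re
from collections import deque

# Constructed sample of a Procmon CSV export. Column set matches Procmon's
# default export; the events themselves are made up for this example.
SAMPLE_CSV = """Time of Day,Process Name,PID,Operation,Path,Result,Detail
"10:01:02.1000000","explorer.exe","1200","Process Create","C:\\Windows\\System32\\rundll32.exe","SUCCESS","PID: 4321, Command line: rundll32.exe C:\\Users\\Public\\x.dll,Start"
"10:01:02.2000000","rundll32.exe","4321","Load Image","C:\\Users\\Public\\x.dll","SUCCESS","Image Base: 0x10000000, Image Size: 0x20000"
"10:01:03.0000000","rundll32.exe","4321","CreateFile","C:\\Users\\Public\\config.bin","SUCCESS","Desired Access: Generic Write"
"10:01:03.5000000","rundll32.exe","4321","TCP Connect","host-a:49152 -> 203.0.113.10:443","SUCCESS","Length: 0"
"10:01:04.0000000","rundll32.exe","4321","Process Create","C:\\Windows\\System32\\cmd.exe","SUCCESS","PID: 4400, Command line: cmd.exe /c whoami"
"10:01:05.0000000","cmd.exe","4400","CreateFile","C:\\Users\\Public\\out.txt","SUCCESS","Desired Access: Generic Write"
"10:01:06.0000000","svchost.exe","900","RegQueryValue","HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProductName","SUCCESS",""
"""

CHILD_PID_RE = re.compile(r"PID:\s*(\d+)")


def parse_procmon_csv(text):
    """Parse a Procmon CSV export into a list of dict rows keyed by column name."""
    return list(csv.DictReader(io.StringIO(text)))


def parent_of(events, pid):
    """Return (creator_pid, creator_name) for `pid`, from the Process Create
    event whose Detail names it; None if the creation was not captured."""
    for e in events:
        if e["Operation"] != "Process Create":
            continue
        m = CHILD_PID_RE.search(e["Detail"])
        if m and int(m.group(1)) == pid:
            return int(e["PID"]), e["Process Name"]
    return None


def relationships(events, root_pid):
    """Breadth-first walk from root_pid over Process Create events, grouping
    the file, image and network activity of every process in that subtree."""
    rel = {"processes": [], "images": set(), "files": set(), "network": set()}
    queue, seen = deque([root_pid]), set()
    while queue:
        pid = queue.popleft()
        if pid in seen:
            continue
        seen.add(pid)
        rel["processes"].append(pid)
        for e in events:
            if e["PID"] != str(pid):
                continue
            op = e["Operation"]
            if op == "Process Create":
                m = CHILD_PID_RE.search(e["Detail"])
                if m:
                    queue.append(int(m.group(1)))
            elif op == "Load Image":
                rel["images"].add(e["Path"])
            elif op in ("CreateFile", "ReadFile", "WriteFile"):
                rel["files"].add(e["Path"])
            elif op.startswith(("TCP", "UDP")):
                rel["network"].add(e["Path"])
    return rel


if __name__ == "__main__":
    evs = parse_procmon_csv(SAMPLE_CSV)
    print("parent:", parent_of(evs, 4321))
    for k, v in relationships(evs, 4321).items():
        print(k, sorted(v) if isinstance(v, set) else v)
```

Run it against a real export by replacing SAMPLE_CSV with the file contents; the walk deliberately follows child PIDs so that activity a suspicious rundll32 delegates to cmd.exe (or anything else it spawns) lands in the same picture.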
@chrissanders88 Interesting fact: proxy servers tend to have caches, which are a goldmine. You can easily carve interesting artefacts from the cache. Carve out webpages associated with the requests and/or any objects/files of interest for further analysis.
I’ve trained many analysts over the years - inside my own teams, in SOCs, CERTs, and various internal security teams. And lately, I’ve been noticing a trend that deeply saddens me.
There’s an increasing number of young professionals who struggle with the grind of our work. They get simple but necessary tasks - tasks that transform indicators, rework detections, or retrieve and process data - but they return flawed results, late and incomplete. Some even let AI do the work without checking if it's correct. And when I ask why, the answer, directly or indirectly, is often the same: "I want to do the exciting stuff."
But the truth is, 97% of what we do in cybersecurity is not exciting. It's slow, repetitive, and requires patience. We grind through logs, extract data from reports, and refine rules. Most of the time, we don’t see the direct impact of our work. A signature written today might detect something crucial in a customer’s system six months from now, and we’ll never even know. But every small piece matters.
What saddens me is not just the impatience, but the lack of care. The unwillingness to put thought and effort into something seemingly simple. The failure to reflect on how to make a task better. This goes against something deeply ingrained in my upbringing - a principle that I believe is also deeply rooted in both German and Japanese culture.
In German, my grandmother would always say: "Mach es gescheit." It’s hard to translate precisely, but it means: Do it properly. Not just complete a task, but do it in a way that is solid, thoughtful, and more than just "good enough." It doesn’t mean perfection - it means putting care into what you do, even if no one else will notice.
The Japanese have a similar philosophy, one that I greatly admire. There is a word, "shokunin" (職人精神), which means more than just "craftsman." It describes someone who dedicates themselves fully to their craft, always refining, always improving. Even in the smallest tasks, a shokunin finds a way to do things better, not because someone told them to, but because they take pride in their work.
I was reminded of this when I thought about my uncle, who was a carpenter. When I was a child, I watched him finish his masterpiece for his final exam - an intricately crafted dresser. After days of sanding, polishing, and checking every tiny detail, he wasn’t done. He took out a small, hand-carved wooden rose, which he had made separately, and carefully placed it on the dresser’s ledge.
It wasn’t required. No one had told him to add that ornament. But he did it because he cared. Because he wanted his work to be more than just acceptable.
And this is what I want to see in young professionals today. It’s not about making flashy things, or chasing after excitement - it’s about taking pride in your craft, even in the smallest details. Because in the end, that’s what makes a difference.
So my advice is this: Whatever you do, do it gescheit. Do it like a shokunin. Put care into your work, even if no one else will see it. That’s how you grow. That’s how you build trust. And in the long run, that’s what will set you apart.
Dear friends,
You do not need someone like me to do an Entra ID/M365/Azure assessment if you have not gone through the CIS M365 and Azure foundational benchmarks and applied as many benchmarks as your business needs allow, as well as configured the Conditional Access Policies that Microsoft has templated for you.
CIS Benchmarks largely overlap with SCuBA Guidelines and M365/Azure Security recommendations from Microsoft. They are created from a consortium of industry experts in all verticals from around the world. They do not tell you how to exploit configurations, but know that most of the recommendations are based on the ability to exploit lack of certain settings in different ways.
Please do this before you hire a consultant for a penetration test or a security assessment. Help us help you more. We will still find things to help improve the security of the tenant, even with these applied. The benchmarks are free and can be downloaded from here: https://t.co/fNzXbEd1O1
If you have an M365 Business Premium license, this comes with a P1 license for Conditional Access and most E3 Level 1 and E3 Level 2 benchmarks can still be applied. Most orgs cannot use Security Defaults because it does not meet their business needs. Once you disable them, you have to add the security yourself. CIS Benchmarks will help you get most of the way there.
Nessus scans check for these but most need a manual review based on individual configurations and business needs, and most results come back informational due to the "Manual" check requirement in the benchmarks. Nessus scans are still great though because they map the benchmarks to compliance frameworks as well.
Once this is done, THEN hire someone like me to help you test, further harden your tenant, and reveal your blind spots.
I want to make sure you get the best value for your money spent. People like me can do much more than just review configurations for hardening purposes. These are the basics. MS Cloud is hard.
You can also use https://t.co/V85n8redYx and https://t.co/iRUzS2nuxh to learn all the internet facing endpoints. Many organizations don't realize just how many access points from the internet exist.
These are the best things you can do in lieu of SC-300 (Identity and Access Management), AZ-500 (Azure Security Engineer), SC-200 (Security Operations Analyst), and SC-100 (Cybersecurity Architect) certification learning material from Microsoft which takes a really long time if you don't know cloud already:
How can we waste attackers’ time, attention, and money? Can we inflict psychological damage on them?
Our new paper (@JosiahDykstra + other fine folks) answers these questions, introducing the concept of “sludge” against attackers for systems resilience: https://t.co/GU8kIW4KUv
1/ @ZephrFish presented "Paving The Way To DA" at this year's @Steel_Con with @myexploit2600 [1]. In a tweet about this presentation, Andy also mentioned, among other things, his three-part blog with the same title [2],[3]. Thank you both! 👏 🧵
#CyberSecurity
Do you ever get text messages meant for someone else? Maybe something like "Are you Linda from the pet store?" And because you're nice, you reply and say they got the wrong number.
Cindy Tsai, a lawyer, did just that. By the end of it all, she would lose about $2.5 million.
1/ #ThreatHunting: "16777216" as Source Network Address could indicate an RDP tunnel via ngrok.
@SecurityAura and I have seen the value ":%16777216" as Source Network Address within the MS-Windows-TerminalServices-LocalSessionManager/Operational Log in different investigations.
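The indicator above, as an added example that is not part of the original thread: a small hunt script that parses records shaped like Event IDs 21/22/24/25 from the Microsoft-Windows-TerminalServices-LocalSessionManager/Operational log and flags any session whose Source Network Address (the <Address> element) carries the "16777216" marker. The three records in SAMPLE_EVENTS are constructed and simplified (the real events carry XML namespaces, which are stripped here); the event IDs are the log's own logon, shell-start, disconnect and reconnect events. The helper int_to_ipv4 is included only to show that 16777216 (2^24) is 1.0.0.0 when read as an IPv4 integer, which is why the value looks nothing like a real client address.

```python
import re
import socket
import struct
import xml.etree.ElementTree as ET

# Constructed, simplified records in the shape of LocalSessionManager events.
# Real events wrap EventXML in a namespace; these have it stripped.
SAMPLE_EVENTS = [
    '<Event><System><EventID>21</EventID><TimeCreated SystemTime="2024-01-01T10:00:00Z"/></System>'
    '<UserData><EventXML><User>CORP\\alice</User><SessionID>3</SessionID>'
    '<Address>10.0.0.5</Address></EventXML></UserData></Event>',
    '<Event><System><EventID>25</EventID><TimeCreated SystemTime="2024-01-01T10:05:00Z"/></System>'
    '<UserData><EventXML><User>CORP\\svc-backup</User><SessionID>4</SessionID>'
    '<Address>:%16777216</Address></EventXML></UserData></Event>',
    '<Event><System><EventID>21</EventID><TimeCreated SystemTime="2024-01-01T10:07:00Z"/></System>'
    '<UserData><EventXML><User>CORP\\bob</User><SessionID>5</SessionID>'
    '<Address>LOCAL</Address></EventXML></UserData></Event>',
]

# Session lifecycle events in this log: 21 logon, 22 shell start, 24 disconnect, 25 reconnect.
SESSION_EVENT_IDS = (21, 22, 24, 25)
NGROK_MARKER = re.compile(r"16777216")


def int_to_ipv4(value):
    """Render a 32-bit integer as dotted-quad IPv4 (context only)."""
    return socket.inet_ntoa(struct.pack("!I", value))


def parse_event(xml_text):
    """Pull the fields a hunter needs out of one LocalSessionManager record."""
    root = ET.fromstring(xml_text)
    return {
        "event_id": int(root.findtext("System/EventID")),
        "time": root.find("System/TimeCreated").get("SystemTime"),
        "user": root.findtext("UserData/EventXML/User"),
        "session": root.findtext("UserData/EventXML/SessionID"),
        "address": root.findtext("UserData/EventXML/Address") or "",
    }


def find_suspect_sessions(xml_records, event_ids=SESSION_EVENT_IDS):
    """Return the parsed session events whose Source Network Address
    contains the 16777216 marker associated with RDP over ngrok."""
    hits = []
    for rec in xml_records:
        ev = parse_event(rec)
        if ev["event_id"] in event_ids and NGROK_MARKER.search(ev["address"]):
            hits.append(ev)
    return hits


if __name__ == "__main__":
    print("16777216 as IPv4:", int_to_ipv4(16777216))
    for hit in find_suspect_sessions(SAMPLE_EVENTS):
        print(f"{hit['time']} EID {hit['event_id']} session {hit['session']} "
              f"user {hit['user']} address {hit['address']!r}")
```

Treat a hit as a lead rather than a verdict: pivot on the session ID and user into the Security log and process telemetry on that host to confirm what the session did.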
A ranking officer in an elite #DPRK military cyberwarfare unit is being held at an undisclosed location in far eastern #Russia after Moscow's agents thwarted his attempt to defect. https://t.co/FKqduIVCEh