
Just some guy hoping to reduce risk, avoid liability, and not take things too seriously while we do it. I mostly talk or read about Security Engineering and Homebrewing. I have very little Gaelic, but I'm learning.

At best my own thoughts, totes not employers. (he/him/e/esan)

Blog: https://secopsmonkey.com/
Twitter: https://twitter.com/packscott
BrakeSec Slack: BrakeSec.slack.com
BrakeSec Discord: https://discord.gg/brakesec

welp, I got laid off.

if anyone you know is looking for a slightly-used computational linguist -- remote or in #Syracuse, NY -- get in touch. I'm also open to "data science" positions if they're "languagey" #GetFediHired #NLProc #NLP

New tool library entry is up! 🐒

Someone on my SecOps team asked a simple question: "what does this group actually have access to?" Turns out the answer was "more than expected" and the script I hacked together to find out eventually grew into a proper access review tool.

Get-AzureRoleAssignments enumerates Azure role assignments across all subscriptions and spits out a CSV report. Great for those "wait, who has Owner on prod?" moments.

https://secopsmonkey.com/post/2026-05-23-azure-access-reviews/

#PowerShell #Entra #Azure #SecOps #MicrosoftEntra

Script Release: Azure Access Reviews

Background: Continuing the theme of identity management, let’s take a look at [Get-AzureRoleAssignments]. The genesis of this tool was a seemingly simple request from my Security Operations team.

SecopsMonkey
@iamdoon Wasn't "Spicy Dill Pickle" your nickname in college?

@Sempf OHHH! That's a good thought. I would have used Côte des Blancs. Not a champagne yeast but mead is one of the uses. It's what I happen to keep on hand for cider.

Did y'all end up following a recipe? Since his turned out so well I'd love to hear about it.

@Sempf I should try again. I made my first batch last year and it's drinkable enough that I'm willing to share, but not great. It reminds me a lot of mead, oddly. Not sure what happened there

@stroz Agree several hundreds of percents.

My only complaint is that the "Next Up" list only shows up if unwatched episodes are newer than the newest watched. Meaning,

✅ If Seasons 1-9 watched, Season 10 Unwatched
❌ If Seasons 1-7 unwatched, Seasons 8-10 Watched

It's kind of a niche problem, but having an "In Progress" instead of "Next Up" would be nice

@generalx @NosirrahSec At this point I have 20 years in InfoSec and my last role was Senior Director of Security Engineering. Yeah, I've definitely felt the "overqualified" pinch a lot. On the upside, I did qualify for the age discrimination class action against Workday. So that's something.

But dude entry level is especially rough right now. (I have a whole other AI rant on that topic.) The closest to entry level that I'm seeing still wants 3+ years experience. But if you can claim SRE or app-dev then that'll help a metric tonne. I'm seeing so many Security Engineer roles that are either hard Cloud or want people who can do code reviews and merge fixes.

@generalx @NosirrahSec The _vahst_ majority of the responses are the form filled "Thanks for applying but piss off." But you're not wrong, it's been a higher response rate than I expected even if it's still embarrassingly low for them.

I've spent the last 5-odd years on the consulting side doing vCISO style engagements as an engineer/architect. What you described for internal folks is definitely a problem, and usually a self-perpetuating culture issue. It can be a hard mindset to break without replacing the security or technology leadership.

Are you any happier in the CSM world?

@generalx @NosirrahSec Tell me about it. Since December 9th I've applied to 150 jobs. Of those 77 have just glittered away into the void.