Security hardening guides always explain why a setting is more secure than another. However, I find that they always lack an explanation of the negative consequences for when the more secure setting is selected.

Sometimes it's straightforward, like when a password policy is enforced : users may be annoyed to have to pick a password with this or that criteria.
Most of the time however, we simply don't know if users will simply not notice the change or if they will complain that they can't work anymore. For example, if I disable some protocol on a workstation, it might either completely be fine or prevent a key business application from being reached.

What I would love in a hardening guide is a list of potential negative consequences and a way to identify if they are likely to occur.

For instance, "if you enable this, users will no longer see this or be able to do that" and/or "to check if such a negative consequence is likely to occur, here's a command you can run that audits the past usage of this protocol/setting/whatever".
This way, it's much easier to pull the trigger when activating secure settings and support can know whether a future user complaint may or may not be linked to a recent change.

#infosec #blueteam

Security hardening guides always explain why a setting is more secure than another. However, I find that they always lack an explanation of the negative consequences for when the more secure setting is selected.

Sometimes it's straightforward, like when a password policy is enforced : users may be annoyed to have to pick a password with this or that criteria.
Most of the time however, we simply don't know if users will simply not notice the change or if they will complain that they can't work anymore. For example, if I disable some protocol on a workstation, it might either completely be fine or prevent a key business application from being reached.

What I would love in a hardening guide is a list of potential negative consequences and a way to identify if they are likely to occur.

For instance, "if you enable this, users will no longer see this or be able to do that" and/or "to check if such a negative consequence is likely to occur, here's a command you can run that audits the past usage of this protocol/setting/whatever".
This way, it's much easier to pull the trigger when activating secure settings and support can know whether a future user complaint may or may not be linked to a recent change.

#infosec #blueteam

I put together a hands-on guide to deploying an OpenCTI OSINT stack for cybersecurity research — focused on why you’d architect it certain ways, not just copy-paste YAML.

If you’re a student, homelabber, or security practitioner who wants real CTI experience instead of theory, this one’s for you.

https://blog.jmhill.me/deploying-an-opencti-osint-stack-for-cybersecurity-research/

#CyberSecurity #OSINT #ThreatIntel #OpenCTI #Homelab #BlueTeam #SOC #Infosec #SelfHosted

I put together a hands-on guide to deploying an OpenCTI OSINT stack for cybersecurity research — focused on why you’d architect it certain ways, not just copy-paste YAML.

If you’re a student, homelabber, or security practitioner who wants real CTI experience instead of theory, this one’s for you.

https://blog.jmhill.me/deploying-an-opencti-osint-stack-for-cybersecurity-research/

#CyberSecurity #OSINT #ThreatIntel #OpenCTI #Homelab #BlueTeam #SOC #Infosec #SelfHosted

Back in the saddle with my Cybersecurity Weekly Roundup for 2026.

This week’s signal: CISA moves (KEV + retired Emergency Directives), critical patching for Veeam/Trend Micro/n8n/Cisco ISE, legacy edge gear still getting farmed, “internal-looking” phishing tricks, and malicious browser extensions stealing AI chats.

15 stories, quick briefs, and my practitioner take:
https://www.kylereddoch.me/blog/cybersecurity-weekly-roundup-january-2-9-2026/

#Cybersecurity #InfoSec #VulnManagement #ThreatIntel #Ransomware #BlueTeam #CybersecurityWeeklyRoundup #CybersecKyle

Back in the saddle with my Cybersecurity Weekly Roundup for 2026.

This week’s signal: CISA moves (KEV + retired Emergency Directives), critical patching for Veeam/Trend Micro/n8n/Cisco ISE, legacy edge gear still getting farmed, “internal-looking” phishing tricks, and malicious browser extensions stealing AI chats.

15 stories, quick briefs, and my practitioner take:
https://www.kylereddoch.me/blog/cybersecurity-weekly-roundup-january-2-9-2026/

#Cybersecurity #InfoSec #VulnManagement #ThreatIntel #Ransomware #BlueTeam #CybersecurityWeeklyRoundup #CybersecKyle

Threat intel is utterly impossible. Look at this. All from a fake browser update. One person, just clicking on a website causes all of this. How do you create a threat model for this shit?

https://thehackernews.com/2025/11/romcom-uses-socgholish-fake-update.html?m=1

#threatintel #blueteam

@matthew_d_green ah, so the @signalapp secure contact enclave is weakened?

#signal #blueteam #security

This is fun. Google Gemini’s “Summarize email” function is vulnerable to invisible prompt injection utilized to deceive users, including with fake security alerts.

#infosec #cybersecurity #blueteam

https://0din.ai/blog/phishing-for-gemini

This is fun. Google Gemini’s “Summarize email” function is vulnerable to invisible prompt injection utilized to deceive users, including with fake security alerts.

#infosec #cybersecurity #blueteam

https://0din.ai/blog/phishing-for-gemini