Keith Weaver
@keithmweaver.com
Christian, husband, & father. Passionate about security. #Microsoft365 #MicrosoftTeams
Reposted by Keith Weaver
If I may present an alternative opinion on cloud outages:
Occasional short reminders of fragility in centralization and smoke-testing of our societal systems with effectively inconsequential events, is important.
There is going to be day gigaoutage culminates, due to lack of minoroutage warnings.
Occasional short reminders of fragility in centralization and smoke-testing of our societal systems with effectively inconsequential events, is important.
There is going to be day gigaoutage culminates, due to lack of minoroutage warnings.
November 19, 2025 at 2:32 AM
If I may present an alternative opinion on cloud outages:
Occasional short reminders of fragility in centralization and smoke-testing of our societal systems with effectively inconsequential events, is important.
There is going to be day gigaoutage culminates, due to lack of minoroutage warnings.
Occasional short reminders of fragility in centralization and smoke-testing of our societal systems with effectively inconsequential events, is important.
There is going to be day gigaoutage culminates, due to lack of minoroutage warnings.
Reposted by Keith Weaver
I have talked to an IT admin turned security Principal, who had a 0click 0day deployed on their network. I know the case and CVE, it is real.
What saved them was the attacker encountering a configuration they had just NO idea what to do with.
Attackers are not gods, even if they have the commands.
What saved them was the attacker encountering a configuration they had just NO idea what to do with.
Attackers are not gods, even if they have the commands.
I tell the story often but in the beginnings of my career in IT I was fascinated by stories of 0days by state actors. And I worried about them.
As our entire client base was XP SP2 with zero governance and many machines shared huge groups of local admins.
Perspective later is hell of a thing.
As our entire client base was XP SP2 with zero governance and many machines shared huge groups of local admins.
Perspective later is hell of a thing.
November 19, 2025 at 5:41 AM
I have talked to an IT admin turned security Principal, who had a 0click 0day deployed on their network. I know the case and CVE, it is real.
What saved them was the attacker encountering a configuration they had just NO idea what to do with.
Attackers are not gods, even if they have the commands.
What saved them was the attacker encountering a configuration they had just NO idea what to do with.
Attackers are not gods, even if they have the commands.
Reposted by Keith Weaver
Oof, the sycophancy problem in LLM's + triggering on any irrelevant details you feed them, recently led a P2 problem call down the wrong pathing for hours.
The chatbot is never going to TELL you to step back and ask if this entire inquiry is irrelevant to larger goal.
This is your moat. It's mine.
The chatbot is never going to TELL you to step back and ask if this entire inquiry is irrelevant to larger goal.
This is your moat. It's mine.
August 29, 2025 at 2:59 AM
Oof, the sycophancy problem in LLM's + triggering on any irrelevant details you feed them, recently led a P2 problem call down the wrong pathing for hours.
The chatbot is never going to TELL you to step back and ask if this entire inquiry is irrelevant to larger goal.
This is your moat. It's mine.
The chatbot is never going to TELL you to step back and ask if this entire inquiry is irrelevant to larger goal.
This is your moat. It's mine.
Reposted by Keith Weaver
Someone smarter than me described customer data as toxic waste. Whatever you can't destroy must be buried deep, with heavy security.
July 26, 2025 at 1:02 AM
Someone smarter than me described customer data as toxic waste. Whatever you can't destroy must be buried deep, with heavy security.
Reposted by Keith Weaver
Part of the job as a cybersecurity professional is in fact arguing to purge and not log information about your customers.
Data is not oil. It's risk.
Data is not oil. It's risk.
July 26, 2025 at 12:56 AM
Part of the job as a cybersecurity professional is in fact arguing to purge and not log information about your customers.
Data is not oil. It's risk.
Data is not oil. It's risk.
Having an issue with Windows 365/AVD Entra SSO to session hosts and web sign-in for RDP. All users receive this error when trying to connect.
Sign-in error code: 500032
Failure reason: Cannot find signing certificate/private key to issue a certificate.
Sign-in error code: 500032
Failure reason: Cannot find signing certificate/private key to issue a certificate.
March 4, 2025 at 3:08 AM
Having an issue with Windows 365/AVD Entra SSO to session hosts and web sign-in for RDP. All users receive this error when trying to connect.
Sign-in error code: 500032
Failure reason: Cannot find signing certificate/private key to issue a certificate.
Sign-in error code: 500032
Failure reason: Cannot find signing certificate/private key to issue a certificate.
Reposted by Keith Weaver
If you want to work in security, just know up front it's a thankless job most of the time.
1. People do not understand why it's necessary
2. People will complain about it all the time
3. People will not see the value in your job, unless you get popped, then they will blame you anyway
1. People do not understand why it's necessary
2. People will complain about it all the time
3. People will not see the value in your job, unless you get popped, then they will blame you anyway
February 27, 2025 at 5:47 AM
If you want to work in security, just know up front it's a thankless job most of the time.
1. People do not understand why it's necessary
2. People will complain about it all the time
3. People will not see the value in your job, unless you get popped, then they will blame you anyway
1. People do not understand why it's necessary
2. People will complain about it all the time
3. People will not see the value in your job, unless you get popped, then they will blame you anyway