u/New-Reception46

How to help your sales team sell smarter, not harder

My sales reps are putting in the hours, but it feels like they're just working hard, not smart. I need a way to help them focus on the right prospects and really prioritize the leads that are actually going to convert. It's time to make things more efficient without burning everyone out.

Anyone got tips on how to streamline the process so my team can work smarter, not harder?

u/New-Reception46 — 4 days ago

Multiple cloud observability platforms that actually reduce operational chaos?

We run apps across AWS and GCP, EKS in multiple regions, some ECS, Lambdas everywhere, plus a few Azure services nobody really wants to touch. Alerting is messy across CloudWatch, PagerDuty and Grafana, and on-call gets rough because incidents bounce between teams.

Deployments also hit weird region-specific issues pretty often, like IAM roles not propagating or VPC peering acting up.

We tried centralizing things with Terraform workspaces and Argo CD, but state gets messy across regions and teams still deploy things outside of it.

Starting to think about a unified observability layer or something cross-cloud, but not sure that actually solves the problem.

How are you handling this? Anything that actually reduces noise and makes ownership clearer?

u/New-Reception46 — 7 days ago

Your chatbot is 8 turns away from becoming a liability. Multi-turn red teaming is the only way to find out.

Most teams red team their chatbots like it's 2023. One prompt, one response, check for toxicity, move on.

Real adversaries don't work that way. Crescendo attacks start with a complaint and 8 turns later your bot is writing profanity-laced poetry about your company. Three benign requests in a row exfiltrate M&A data to an external inbox. None of these trip per-turn filters because each message looks fine in isolation.

If your red teaming isn't testing multi-turn sequences you're testing for the wrong threat model entirely, but you wouldn't really know until you get hit.

u/New-Reception46 — 7 days ago

So, we got a call from a client's IT director after a data leak scare, demanding we block every AI tool org-wide by end of week. We pushed back, he wouldn't budge. Had to spend the weekend locking it down.

Now Monday morning their CEO calls saying his ChatGPT stopped working. Turns out he's been using it on a personal account for 6 months writing board decks. The IT director never told him about the block.

Blocking tools doesn't work when the tools are already woven into how people do their jobs. By the time you build the blocklist, half the org has found a workaround and the other half is on their phone.

u/New-Reception46 — 15 days ago
▲ 4 r/Cloud

We closed 847 cloud vulnerabilities last week across AWS and GCP after a remediation push. Tickets were created for each issue, engineers worked through them over a few days, and they were marked as resolved in the system. The remediation cycle was then marked as complete and reported internally.

This morning the scheduled scan ran with the same tool and configuration. The same vulnerabilities appeared again with identical IDs and assets.

Looked into it with the team and found the issue in the workflow. Tickets were closed when fixes were reported, but there was no step to verify that changes were applied in the environment.

As a result, tickets moved to a resolved state while parts of the infrastructure remained unchanged. Some of these vulnerabilities are tied to exploitable paths, so this needs to be handled carefully.

Process is now being updated to include a validation scan after remediation before closing tickets.

How do you validate that vulnerabilities are remediated before closing them in large-scale environments?

u/New-Reception46 — 15 days ago
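One way to implement the validation step the post above describes, as an added example that is not the poster's tooling: tickets marked resolved are reconciled against a fresh scan export and only closed when their (finding ID, asset) pair no longer appears, which is exactly the key the rescan matched on. The scan export layout, ticket IDs, and the tool/profile metadata are assumptions; all data below is constructed.

```python
"""Close vulnerability tickets only after a validation scan confirms the finding is gone."""

# Constructed metadata of the scan that produced the findings (tool + configuration profile).
BASELINE_META = {"tool": "scanner-x", "profile": "prod-full"}

# Constructed tickets marked resolved by engineers, with the finding each was opened for.
RESOLVED_TICKETS = {
    "SEC-41": ("VULN-1001", "i-0abc123"),
    "SEC-42": ("VULN-1002", "i-0abc123"),
    "SEC-43": ("VULN-2001", "projects/p1/instances/vm-7"),
}

# Constructed validation scan, same tool and profile: one fix landed, two did not,
# and one finding appeared that no ticket covers.
VALIDATION_SCAN = {
    "tool": "scanner-x", "profile": "prod-full",
    "findings": [
        {"id": "VULN-1002", "asset": "i-0abc123"},
        {"id": "VULN-2001", "asset": "projects/p1/instances/vm-7"},
        {"id": "VULN-3001", "asset": "i-0def456"},
    ],
}


def finding_keys(scan: dict) -> set[tuple[str, str]]:
    """Key findings the way the scanner identifies them: (finding ID, asset)."""
    return {(f["id"], f["asset"]) for f in scan["findings"]}


def reconcile(resolved: dict, baseline_meta: dict, validation: dict) -> dict:
    """Decide per ticket: 'close' if the finding is gone, 'reopen' if it persists.

    Refuses to close anything when the validation scan used a different tool or
    profile, because a narrower scan can make a still-present finding look fixed.
    """
    if (validation["tool"], validation["profile"]) != (baseline_meta["tool"], baseline_meta["profile"]):
        raise ValueError("validation scan must use the same tool and profile as the baseline")
    still_present = finding_keys(validation)
    actions = {"close": [], "reopen": []}
    for ticket_id, key in sorted(resolved.items()):
        actions["reopen" if key in still_present else "close"].append(ticket_id)
    # Findings no resolved ticket covers need tickets of their own.
    actions["new"] = sorted(still_present - set(resolved.values()))
    return actions


if __name__ == "__main__":
    print(reconcile(RESOLVED_TICKETS, BASELINE_META, VALIDATION_SCAN))
```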

Found 7 images in production last month during a routine review that we couldn't trace back to any pipeline run. Services were healthy, nothing was alerting. Best reconstruction is someone pulled directly from Docker Hub during an incident 4 months ago, pushed to the internal registry to unblock a deploy, and it just stayed there.

We have no signing enforcement. If an image clears CVE thresholds it can get to production. We don't verify it came from our CI system.

Cosign would solve this but we have 4 teams on 4 different CI setups. Jenkins, GitLab CI, GitHub Actions, and an internal system from a migration that never fully landed. Consistent signing across all of them is a 14 week project minimum according to the estimate we got. Maybe longer.

7 images we can't account for. Probably fine. How are teams handling provenance at this scale without it being a multi-quarter project?

u/New-Reception46 — 23 days ago
▲ 19 r/ciso

All these AI security pitches seem to say the same thing. Model jailbreaks, prompt injection, poisoning, and other boring things.

But when you talk to actual CISOs, they worry about the same risks they've been worrying about for years. Over-permissioned service accounts, poor logging, credentials sitting around in an old git repository; agents just accelerate the inevitable.

I've been listening to the Curiouser and Curiouser podcast by Alice and she summed up what the problem is here: pay down your hygiene debt before getting more AI security tools.

u/New-Reception46 — 23 days ago
▲ 19 r/ciso

We’re a mid-size org, ~1200 endpoints, mixed Windows/Mac. CISO came back from some conference convinced extensions are our biggest blind spot and told me to own it. Well, the problem is I have no idea where to begin.

Pulled GPO reports and got names but no risk context. Ran a quick check and 99% of our users have at least one extension installed. A bunch have 10+. Most look harmless on the surface, basically grammar tools, PDF stuff, a few AI assistants. I have no way to tell which ones are actually risky vs. just noise.

Things I don't know how to answer yet:

  • How do I get permission data across the whole fleet without manually opening every chrome://extensions? At this scale it's basically impossible.
  • How do I know if any of these have known CVEs?
  • How do I catch when an extension silently changes its permissions after install? (Apparently this happens a lot, especially with AI ones.)

I'm not looking for the perfect tool, I'm looking for a sane starting point. What did you all do when you first inherited this?

u/New-Reception46 — 24 days ago
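A starting point for the first and third questions in the post above, as an added example that is not the poster's setup: once a collection agent ships each endpoint's installed-extension manifest.json files (that collector is assumed and out of scope), the permissions can be inventoried fleet-wide and diffed between snapshots to catch an extension that quietly widened its grants after an update. Extension IDs, hostnames and manifests below are constructed; the broad-permission list is illustrative.

```python
import json

# Permissions that grant broad reach into browsing data; illustrative, not exhaustive.
BROAD_PERMISSIONS = {"<all_urls>", "tabs", "webRequest", "cookies", "history",
                     "nativeMessaging", "clipboardRead", "debugger"}


def manifest(name, version, permissions, hosts=()):
    """Build constructed manifest.json text in the MV3 layout (sample data only)."""
    return json.dumps({"name": name, "version": version, "manifest_version": 3,
                       "permissions": list(permissions), "host_permissions": list(hosts)})


# Constructed snapshots: endpoint -> extension id -> manifest.json text collected from disk.
SNAPSHOT_BEFORE = {
    "host-01": {"ext-grammar": manifest("Grammar Helper", "1.0", ["storage"]),
                "ext-ai": manifest("AI Assist", "2.3", ["storage", "activeTab"])},
    "host-02": {"ext-ai": manifest("AI Assist", "2.3", ["storage", "activeTab"])},
}
SNAPSHOT_AFTER = {
    "host-01": {"ext-grammar": manifest("Grammar Helper", "1.0", ["storage"]),
                # Auto-updated on this host: same extension now asks for tabs, cookies and every site.
                "ext-ai": manifest("AI Assist", "2.4", ["storage", "activeTab", "tabs", "cookies"],
                                   ["<all_urls>"])},
    "host-02": {"ext-ai": manifest("AI Assist", "2.3", ["storage", "activeTab"])},
}


def permissions_of(manifest_text):
    m = json.loads(manifest_text)
    # MV3 keeps host patterns in host_permissions; MV2 listed them under permissions.
    return set(m.get("permissions", [])) | set(m.get("host_permissions", []))


def inventory(snapshot):
    """Flatten a snapshot into {(endpoint, extension id): permission set}."""
    return {(host, ext): permissions_of(text)
            for host, exts in snapshot.items() for ext, text in exts.items()}


def fleet_exposure(snapshot):
    """Per extension: how many endpoints carry it and which broad permissions it holds anywhere."""
    report = {}
    for (host, ext), perms in inventory(snapshot).items():
        entry = report.setdefault(ext, {"endpoints": 0, "broad": set()})
        entry["endpoints"] += 1
        entry["broad"] |= perms & BROAD_PERMISSIONS
    return report


def permission_changes(before, after):
    """Extensions already installed whose permission set grew between two snapshots."""
    old, new = inventory(before), inventory(after)
    changes = []
    for key in sorted(new):
        added = new[key] - old.get(key, set())
        if key in old and added:
            changes.append({"endpoint": key[0], "extension": key[1],
                            "added": sorted(added), "broad": sorted(added & BROAD_PERMISSIONS)})
    return changes
```

Run `fleet_exposure` on the latest snapshot for the risk-context view the GPO report lacks, and `permission_changes` on consecutive snapshots as a scheduled detection.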