Posts

Days 1 and 2 both are Available

🚀 8 Days of Azure PaaS — Updates! Day 1 & Day 2 are live — and this is just the beginning. I’m two days into my new project: 8 Days of Azure PaaS 🎉 Over 8 days, I’m refreshing and documenting my knowledge of Microsoft Azure’s Platform as a Service (PaaS) offerings. Each day I dive into a different piece — App Services, Functions, SQL Database, AKS, Logic Apps, and more — while sharing notes, gotchas, and hands-on examples. 💡 This is a learn-in-public project. I’m sharing the journey openly — the good, the confusing, and the “aha!” moments — along with the learning sources I review. 👉 Read Day 1 — What is PaaS? 👉 Read Day 2 — Azure App Services 🔹 Why I’m Doing This In a recent interview, I realized I’ve been deep in the MSP world, IT security, RMM tools, and PSA platforms — but needed a refresher on Azure’s PaaS side. This project keeps me accountable and ...

Post Title: 🚀 New Project — 8 Days of Azure PaaS.

🚀 New Project — 8 Days of Azure PaaS I’ve kicked off a learn-in-public series exploring Microsoft Azure’s Platform as a Service. I’ve kicked off a new project: 8 Days of Azure PaaS 🎉 Over the next 8 days, I’ll be refreshing and documenting my knowledge of Microsoft Azure’s Platform as a Service (PaaS) offerings. Each day I’ll dive into a new component — App Services, Functions, SQL Database, AKS, Logic Apps, and more — and add my notes to a living guide page. 💡 This is a learn-in-public project. I’m sharing the journey openly — the good, the confusing, and the “aha!” moments. I will also be sharing links to the learning sources that I reviewed along the way. 👉 Check out Day 1 here 🔹 Why I’m Doing This In a recent conversation I realized I’ve been more focused on MSP mindset and practice, IT security, RMM tools and PSA tools — and I needed a refresher on Azure’s PaaS side. It’s great to t...

POA&M vs. “Mitigation” — Clearing Up a Common Misunderstanding

POA&M vs. “Mitigation” — Clearing Up a Common Misunderstanding In federal cybersecurity, acronyms rule. One of the most misunderstood is POA&M. What POA&M Really Means POA&M stands for Plan of Action and Milestones. It’s an official term across DoD, FedRAMP, and NIST RMF. A POA&M isn’t just a note about what you’ll fix — it’s a structured tracker for both the work and the proof of progress: Issue identified (finding, failed STIG check, CVE, audit result); Plan of action (patch/config/control/compensating control); Milestones with dates, owners, and checkpoints; Target completion and ongoing status updates. Key idea: A POA&M tracks accountability + progress, not just the intended fix. The Misunderstanding: “Plan of Action and Mitigation” You’ll sometimes hear people say “Plan of Action and Mitigation.” It sounds right in a security con...

DoD ↔ Commercial Security & IT Cheat Sheet

DoD ↔ Commercial Security & IT Cheat Sheet Quick mappings between common U.S. government (DoD/federal) terms and their closest commercial-world equivalents. IAVA STIG SCAP/ACAS RMF/ATO POA&M HBSS PKI/CAC NIPR/SIPR/JWICS SCIF CDS FedRAMP FISMA CUI DFARS NIST 800-171 CMMC TIC KEV DoDIN FOUO TEMPEST DoD / Gov Term What it Means Closest Commercial Equivalent IAVA / IAVM / IAVB / TA Mandatory alerts & guidance for vulnerabilities on DoD systems. Vendor advisories; CISA KEV; Patch Tuesday. STIG (DISA) Hardening baselines & config requiremen...

KEV vs CVE — why it matters.

KEV vs CVE — why it matters. CVE is a Common Vulnerabilities and Exposures entry — a flaw that’s been identified and cataloged. KEV is a Known Exploited Vulnerability — the same, but with a key difference: attackers are already using it in the wild. My biggest fear with any central tool is it becoming a KEV. That’s the jump from “possible risk” to active threat. 🚨 ⚠️ This week, N-able N-central made that jump. Two CVEs (2025-8875 & 2025-8876) are now on CISA’s KEV list, meaning they’re being exploited right now. See the catalog on CISA: Known Exploited Vulnerabilities.

When Your Core MSP Tool Becomes the Headline

⚠️ Security Advisory: N-able N-central on CISA KEV — CVE-2025-8875 (insecure deserialization) & CVE-2025-8876 (command injection). Active exploitation reported. Update to 2025.3.1, or install 2024.6 HF2; enforce MFA for admins; share client notice. MSPs, Take Note: When Your Core Tool Is in the Crosshairs The N-central news shows how fast a central platform can become a central risk. In the MSP world, your RMM/central platform is the heartbeat of patching, monitoring, and response. When it lands on the KEV list, it’s not just a patch—it’s an operational fire drill: validate exposure, confirm versions, brief staff, notify clients, and verify compensating controls. Why It Hurts the MSP Space Trust shockwave: Headlines trigger client anxiety. Even fully patched orgs get the “Are we safe?” calls. Operational drag: War-room time: scanning, change w...

We Are MSP

We Are Bob. We Are MSP. When the Bobiverse meets RMM life Just finished We Are Legion (We Are Bob) by Dennis E. Taylor — and honestly, it’s the most accurate description of what it’s like running an RMM platform for an MSP. Spin up agents (aka Bobs) Send them out into the galaxy (your clients’ networks) Watch them all evolve in slightly different directions Hope none go rogue, crash, or start questioning their purpose mid-patch Each Bob: “I’ve identified an inefficiency in the system. Running script…” Meanwhile, me: “Please stop rewriting your own policies, just install the printer driver.” Managing a fleet of autonomous tools in 100+ environments? Welcome to the Bobiverse. #WeAreBob #Bobiverse #DennisETaylor #MSP #RMM #Automation #PatchManagement #EndpointChaos #RootAccessGuy #TechHumor #ITLife #MSPTools #ConnectWise #Nable #Kaseya #ITCrowdApproved