From e4ed316ad26e881ea6dccb24ed50b1b115958fce Mon Sep 17 00:00:00 2001
From: jowj <me@jowj.net>
Date: Mon, 24 Jun 2019 15:54:05 -0500
Subject: [PATCH] Rebuilding site after adding tvm post.

---
 _posts/2019-06-24-new_company_tvm.md          |  46 ++++++++
 _site/index.html                              |   5 +-
 _site/index.md                                |   1 +
 _site/personal/2019/04/15/friendsgiving.html  |   4 +-
 .../personal/2019/04/15/lt_thanksgiving.html  |   4 +-
 _site/personal/2019/04/15/rad_boys_only.html  |   4 +-
 _site/personal/2019/04/18/vcards.html         |   4 +-
 _site/personal/index.html                     |   2 +-
 _site/projects/2019/04/15/agares.html         |   4 +-
 .../04/15/hosting_static_sites_on_s3.html     |   4 +-
 _site/projects/2019/04/15/mojojojo_bot.html   |   4 +-
 _site/projects/2019/04/15/workingcopy.html    |   4 +-
 _site/projects/2019/06/23/pynit.html          |   4 +-
 _site/projects/index.html                     |   2 +-
 .../security/2019/06/24/new_company_tvm.html  | 111 ++++++++++++++++++
 _site/security/index.html                     |  62 ++++++++++
 index.md                                      |   1 +
 security.md                                   |  13 ++
 18 files changed, 257 insertions(+), 22 deletions(-)
 create mode 100644 _posts/2019-06-24-new_company_tvm.md
 create mode 100644 _site/security/2019/06/24/new_company_tvm.html
 create mode 100644 _site/security/index.html
 create mode 100644 security.md

diff --git a/_posts/2019-06-24-new_company_tvm.md b/_posts/2019-06-24-new_company_tvm.md
new file mode 100644
index 0000000..0fe1f7f
--- /dev/null
+++ b/_posts/2019-06-24-new_company_tvm.md
@@ -0,0 +1,46 @@
+---
+title: tvm at a new company
+categories: security
+---
+
+# no new problems
+i recently started a new job and am faced with the usual: "please set up our scanners and Make Us Secure", "What Do These Alerts Mean", etc etc. i keep thinking about the scanning / threat and vulnerability management (TVM) aspect, so i want to write about that. here are a list of questions that i've been asking myself, along with some possible answers.
+
+## using an existing scanning install or starting over
+it may be reasonable to nuke an install if:
+
+- data existing in the install is massively out of date / bad / for some reason is fucked up data
+- data existing in the install doesn't tell you anything useful; 'these ips are alive' isn't useful.
+
+times when you definitely should not nuke an install:
+- if the install is tied to existing agents; losing those agent connections would be a mistake
+
+those are really the only hard constraints i can think of. everything else seems pretty grey
+
+## are naming schemes important enough to spend time on
+hard yes. some of the names in use at my new place are frankly /hilarious/. and bad. "aaah, a scan template called 'corp users', what do you suppo - oh, its for scanning production? of course."
+
+i picked a rough naming scheme template for all objects, and then tweaked it on a per-object-type basis, i.e.:
+
+ProductName - Environment - Geolocation - Data
+
+"search - prod - aus" is pretty straight forward, and then the 'data' field can be where you really express differences between the object classes. if it ends up looking a bit different between object classes, that's ok. the most important thing for naming schemes is consistency to the rules you set. everything else, while still important, is secondary.
+
+## a note on scan schedules
+think about what a particular scan is trying to accomplish. if the goal of a scan is to get data from /corporate servers/ then a typical overnight maintenance window makes sense. 
+
+if the goal is to get data from /the entire corporate netblock/ then scanning over night is probably really stupid, unless the entire company works during that time. after all, most companies are deploying large laptop fleets that all get taken home at the end of the day! instead, you can tackle this by doing one of these:
+- scan midday, during the work hours, at several different times to catch differently shifted people
+- install agents on all laptop / movable devices
+
+ok, apparently the title should be "two notes on sacns". if your goal is to scan sensitive production servers make sure you reach out to the ops team that manages those servers. they should know, you should have a paper trail proving you at least made best efforts to communicate, etc.
+
+
+## what other things should I check on
+
+- is the OS backing the scanning app still getting updates? a lot of people fire and forget scan setups so make sure you're not running shit off some idiots ubuntu 12 install.
+- how much of the infrastructure are we actually scanning? do have blind spots?
+  - if there isn't an ipam then this will be reaaaaal hard to figure out, but its very important.
+- is your license sufficient or will you have to get more approved before you can actually achieve good coverage?
+- are there any non-expiring exceptions?
+  - if so, i recommend nuking them and rebuilding them with at the most a 1 year expiration date; force the company to re-eval once a year if they really want these risks.
diff --git a/_site/index.html b/_site/index.html
index 531deae..d8bbfc7 100644
--- a/_site/index.html
+++ b/_site/index.html
@@ -4,7 +4,7 @@
     <meta charset='utf-8'>
     <meta name="viewport" content="width=device-width, initial-scale=1">
     <meta http-equiv="X-UA-Compatible" content="IE=edge">
-    <link rel="stylesheet" href="/assets/css/style.css?v=4e3c68cf7a8c91904937937b8924d9627fc64a8a">
+    <link rel="stylesheet" href="/assets/css/style.css?v=96e407dbfef5e6ab83daa6dca716c304bdc64c14">
     <link rel="stylesheet" type="text/css" href="/assets/css/print.css" media="print">
     <link rel='shortcut icon' type='image/x-icon' href='favicon.ico' />
     <!--[if lt IE 9]>
@@ -20,7 +20,7 @@
 <meta property="og:url" content="http://localhost:4000/" />
 <meta property="og:site_name" content="josiah ledbetter" />
 <script type="application/ld+json">
-{"@type":"WebSite","url":"http://localhost:4000/","name":"josiah ledbetter","headline":"josiah ledbetter","@context":"http://schema.org"}</script>
+{"name":"josiah ledbetter","@type":"WebSite","url":"http://localhost:4000/","headline":"josiah ledbetter","@context":"http://schema.org"}</script>
 <!-- End Jekyll SEO tag -->
 
   </head>
@@ -42,6 +42,7 @@
 
 <p>🤖 <a href="/projects/">projects</a><br />
 🧟 <a href="/personal/">personal</a><br />
+💩 <a href="/security/">security thots</a><br />
 ‍🧙 <a href="/josiah-resume.pdf">resume</a></p>
 
         </section>
diff --git a/_site/index.md b/_site/index.md
index e8e225c..e0d3ca3 100644
--- a/_site/index.md
+++ b/_site/index.md
@@ -2,4 +2,5 @@ hi you have reached the landing page of me, the person whose name is above this
 
 🤖 [projects](/projects/)  
 🧟 [personal](/personal/)  
+💩 [security thots](/security/)  
 ‍🧙 [resume](/josiah-resume.pdf)  
diff --git a/_site/personal/2019/04/15/friendsgiving.html b/_site/personal/2019/04/15/friendsgiving.html
index 10253e8..454d5ae 100644
--- a/_site/personal/2019/04/15/friendsgiving.html
+++ b/_site/personal/2019/04/15/friendsgiving.html
@@ -4,7 +4,7 @@
     <meta charset='utf-8'>
     <meta name="viewport" content="width=device-width, initial-scale=1">
     <meta http-equiv="X-UA-Compatible" content="IE=edge">
-    <link rel="stylesheet" href="/assets/css/style.css?v=4e3c68cf7a8c91904937937b8924d9627fc64a8a">
+    <link rel="stylesheet" href="/assets/css/style.css?v=96e407dbfef5e6ab83daa6dca716c304bdc64c14">
     <link rel="stylesheet" type="text/css" href="/assets/css/print.css" media="print">
     <link rel='shortcut icon' type='image/x-icon' href='favicon.ico' />
     <!--[if lt IE 9]>
@@ -24,7 +24,7 @@
 <meta property="og:type" content="article" />
 <meta property="article:published_time" content="2019-04-15T00:00:00-05:00" />
 <script type="application/ld+json">
-{"mainEntityOfPage":{"@type":"WebPage","@id":"http://localhost:4000/personal/2019/04/15/friendsgiving.html"},"description":"look at how pretty this fucking table is my sister made a bunch of that stuff there; the candles were all melted on to the wood and the gourds that they were resting on; the wreathes of Whatever Plant were picked from her garden; even the table it all sat on was made by my sister and her family","@type":"BlogPosting","url":"http://localhost:4000/personal/2019/04/15/friendsgiving.html","headline":"friendsgiving","dateModified":"2019-04-15T00:00:00-05:00","datePublished":"2019-04-15T00:00:00-05:00","@context":"http://schema.org"}</script>
+{"description":"look at how pretty this fucking table is my sister made a bunch of that stuff there; the candles were all melted on to the wood and the gourds that they were resting on; the wreathes of Whatever Plant were picked from her garden; even the table it all sat on was made by my sister and her family","@type":"BlogPosting","url":"http://localhost:4000/personal/2019/04/15/friendsgiving.html","headline":"friendsgiving","dateModified":"2019-04-15T00:00:00-05:00","datePublished":"2019-04-15T00:00:00-05:00","mainEntityOfPage":{"@type":"WebPage","@id":"http://localhost:4000/personal/2019/04/15/friendsgiving.html"},"@context":"http://schema.org"}</script>
 <!-- End Jekyll SEO tag -->
 
   </head>
diff --git a/_site/personal/2019/04/15/lt_thanksgiving.html b/_site/personal/2019/04/15/lt_thanksgiving.html
index 9e1ae29..5155d3f 100644
--- a/_site/personal/2019/04/15/lt_thanksgiving.html
+++ b/_site/personal/2019/04/15/lt_thanksgiving.html
@@ -4,7 +4,7 @@
     <meta charset='utf-8'>
     <meta name="viewport" content="width=device-width, initial-scale=1">
     <meta http-equiv="X-UA-Compatible" content="IE=edge">
-    <link rel="stylesheet" href="/assets/css/style.css?v=4e3c68cf7a8c91904937937b8924d9627fc64a8a">
+    <link rel="stylesheet" href="/assets/css/style.css?v=96e407dbfef5e6ab83daa6dca716c304bdc64c14">
     <link rel="stylesheet" type="text/css" href="/assets/css/print.css" media="print">
     <link rel='shortcut icon' type='image/x-icon' href='favicon.ico' />
     <!--[if lt IE 9]>
@@ -24,7 +24,7 @@
 <meta property="og:type" content="article" />
 <meta property="article:published_time" content="2019-04-15T00:00:00-05:00" />
 <script type="application/ld+json">
-{"mainEntityOfPage":{"@type":"WebPage","@id":"http://localhost:4000/personal/2019/04/15/lt_thanksgiving.html"},"description":"seattle we flew in to seattle from austin at 845 am. don’t take that flight it was fucking horrible but it did give us a full day there despite flying for 4 hours.","@type":"BlogPosting","url":"http://localhost:4000/personal/2019/04/15/lt_thanksgiving.html","headline":"lt-friendsgiving","dateModified":"2019-04-15T00:00:00-05:00","datePublished":"2019-04-15T00:00:00-05:00","@context":"http://schema.org"}</script>
+{"description":"seattle we flew in to seattle from austin at 845 am. don’t take that flight it was fucking horrible but it did give us a full day there despite flying for 4 hours.","@type":"BlogPosting","url":"http://localhost:4000/personal/2019/04/15/lt_thanksgiving.html","headline":"lt-friendsgiving","dateModified":"2019-04-15T00:00:00-05:00","datePublished":"2019-04-15T00:00:00-05:00","mainEntityOfPage":{"@type":"WebPage","@id":"http://localhost:4000/personal/2019/04/15/lt_thanksgiving.html"},"@context":"http://schema.org"}</script>
 <!-- End Jekyll SEO tag -->
 
   </head>
diff --git a/_site/personal/2019/04/15/rad_boys_only.html b/_site/personal/2019/04/15/rad_boys_only.html
index 1537e71..fed4711 100644
--- a/_site/personal/2019/04/15/rad_boys_only.html
+++ b/_site/personal/2019/04/15/rad_boys_only.html
@@ -4,7 +4,7 @@
     <meta charset='utf-8'>
     <meta name="viewport" content="width=device-width, initial-scale=1">
     <meta http-equiv="X-UA-Compatible" content="IE=edge">
-    <link rel="stylesheet" href="/assets/css/style.css?v=4e3c68cf7a8c91904937937b8924d9627fc64a8a">
+    <link rel="stylesheet" href="/assets/css/style.css?v=96e407dbfef5e6ab83daa6dca716c304bdc64c14">
     <link rel="stylesheet" type="text/css" href="/assets/css/print.css" media="print">
     <link rel='shortcut icon' type='image/x-icon' href='favicon.ico' />
     <!--[if lt IE 9]>
@@ -24,7 +24,7 @@
 <meta property="og:type" content="article" />
 <meta property="article:published_time" content="2019-04-15T00:00:00-05:00" />
 <script type="application/ld+json">
-{"mainEntityOfPage":{"@type":"WebPage","@id":"http://localhost:4000/personal/2019/04/15/rad_boys_only.html"},"description":"rad boys only we are boys and we are rad sometimes our cooking makes us sad","@type":"BlogPosting","url":"http://localhost:4000/personal/2019/04/15/rad_boys_only.html","headline":"rad boys only","dateModified":"2019-04-15T00:00:00-05:00","datePublished":"2019-04-15T00:00:00-05:00","@context":"http://schema.org"}</script>
+{"description":"rad boys only we are boys and we are rad sometimes our cooking makes us sad","@type":"BlogPosting","url":"http://localhost:4000/personal/2019/04/15/rad_boys_only.html","headline":"rad boys only","dateModified":"2019-04-15T00:00:00-05:00","datePublished":"2019-04-15T00:00:00-05:00","mainEntityOfPage":{"@type":"WebPage","@id":"http://localhost:4000/personal/2019/04/15/rad_boys_only.html"},"@context":"http://schema.org"}</script>
 <!-- End Jekyll SEO tag -->
 
   </head>
diff --git a/_site/personal/2019/04/18/vcards.html b/_site/personal/2019/04/18/vcards.html
index 9fe58c9..98d5aad 100644
--- a/_site/personal/2019/04/18/vcards.html
+++ b/_site/personal/2019/04/18/vcards.html
@@ -4,7 +4,7 @@
     <meta charset='utf-8'>
     <meta name="viewport" content="width=device-width, initial-scale=1">
     <meta http-equiv="X-UA-Compatible" content="IE=edge">
-    <link rel="stylesheet" href="/assets/css/style.css?v=4e3c68cf7a8c91904937937b8924d9627fc64a8a">
+    <link rel="stylesheet" href="/assets/css/style.css?v=96e407dbfef5e6ab83daa6dca716c304bdc64c14">
     <link rel="stylesheet" type="text/css" href="/assets/css/print.css" media="print">
     <link rel='shortcut icon' type='image/x-icon' href='favicon.ico' />
     <!--[if lt IE 9]>
@@ -24,7 +24,7 @@
 <meta property="og:type" content="article" />
 <meta property="article:published_time" content="2019-04-18T00:00:00-05:00" />
 <script type="application/ld+json">
-{"mainEntityOfPage":{"@type":"WebPage","@id":"http://localhost:4000/personal/2019/04/18/vcards.html"},"description":"this past week my dad and I helped my grandmother with a few Computer Things. my grandfather died at the end of last year and the process of getting “Computer Things” to a usable state for my grandmother was pretty rough.","@type":"BlogPosting","url":"http://localhost:4000/personal/2019/04/18/vcards.html","headline":"vcards","dateModified":"2019-04-18T00:00:00-05:00","datePublished":"2019-04-18T00:00:00-05:00","@context":"http://schema.org"}</script>
+{"description":"this past week my dad and I helped my grandmother with a few Computer Things. my grandfather died at the end of last year and the process of getting “Computer Things” to a usable state for my grandmother was pretty rough.","@type":"BlogPosting","url":"http://localhost:4000/personal/2019/04/18/vcards.html","headline":"vcards","dateModified":"2019-04-18T00:00:00-05:00","datePublished":"2019-04-18T00:00:00-05:00","mainEntityOfPage":{"@type":"WebPage","@id":"http://localhost:4000/personal/2019/04/18/vcards.html"},"@context":"http://schema.org"}</script>
 <!-- End Jekyll SEO tag -->
 
   </head>
diff --git a/_site/personal/index.html b/_site/personal/index.html
index 37a51c2..41323af 100644
--- a/_site/personal/index.html
+++ b/_site/personal/index.html
@@ -4,7 +4,7 @@
     <meta charset='utf-8'>
     <meta name="viewport" content="width=device-width, initial-scale=1">
     <meta http-equiv="X-UA-Compatible" content="IE=edge">
-    <link rel="stylesheet" href="/assets/css/style.css?v=4e3c68cf7a8c91904937937b8924d9627fc64a8a">
+    <link rel="stylesheet" href="/assets/css/style.css?v=96e407dbfef5e6ab83daa6dca716c304bdc64c14">
     <link rel="stylesheet" type="text/css" href="/assets/css/print.css" media="print">
     <link rel='shortcut icon' type='image/x-icon' href='favicon.ico' />
     <!--[if lt IE 9]>
diff --git a/_site/projects/2019/04/15/agares.html b/_site/projects/2019/04/15/agares.html
index 883a34c..e8e249e 100644
--- a/_site/projects/2019/04/15/agares.html
+++ b/_site/projects/2019/04/15/agares.html
@@ -4,7 +4,7 @@
     <meta charset='utf-8'>
     <meta name="viewport" content="width=device-width, initial-scale=1">
     <meta http-equiv="X-UA-Compatible" content="IE=edge">
-    <link rel="stylesheet" href="/assets/css/style.css?v=4e3c68cf7a8c91904937937b8924d9627fc64a8a">
+    <link rel="stylesheet" href="/assets/css/style.css?v=96e407dbfef5e6ab83daa6dca716c304bdc64c14">
     <link rel="stylesheet" type="text/css" href="/assets/css/print.css" media="print">
     <link rel='shortcut icon' type='image/x-icon' href='favicon.ico' />
     <!--[if lt IE 9]>
@@ -24,7 +24,7 @@
 <meta property="og:type" content="article" />
 <meta property="article:published_time" content="2019-04-15T00:00:00-05:00" />
 <script type="application/ld+json">
-{"mainEntityOfPage":{"@type":"WebPage","@id":"http://localhost:4000/projects/2019/04/15/agares.html"},"description":"agares, a multi armed demon well, originally i don’t think the multi armed part was mentioned in the “list of demons” i found on the internet. now, though, agares is absolutely multi armed because I keep adding so much bullshit to this project.","@type":"BlogPosting","url":"http://localhost:4000/projects/2019/04/15/agares.html","headline":"agares","dateModified":"2019-04-15T00:00:00-05:00","datePublished":"2019-04-15T00:00:00-05:00","@context":"http://schema.org"}</script>
+{"description":"agares, a multi armed demon well, originally i don’t think the multi armed part was mentioned in the “list of demons” i found on the internet. now, though, agares is absolutely multi armed because I keep adding so much bullshit to this project.","@type":"BlogPosting","url":"http://localhost:4000/projects/2019/04/15/agares.html","headline":"agares","dateModified":"2019-04-15T00:00:00-05:00","datePublished":"2019-04-15T00:00:00-05:00","mainEntityOfPage":{"@type":"WebPage","@id":"http://localhost:4000/projects/2019/04/15/agares.html"},"@context":"http://schema.org"}</script>
 <!-- End Jekyll SEO tag -->
 
   </head>
diff --git a/_site/projects/2019/04/15/hosting_static_sites_on_s3.html b/_site/projects/2019/04/15/hosting_static_sites_on_s3.html
index 4d9b8e8..77fbb9f 100644
--- a/_site/projects/2019/04/15/hosting_static_sites_on_s3.html
+++ b/_site/projects/2019/04/15/hosting_static_sites_on_s3.html
@@ -4,7 +4,7 @@
     <meta charset='utf-8'>
     <meta name="viewport" content="width=device-width, initial-scale=1">
     <meta http-equiv="X-UA-Compatible" content="IE=edge">
-    <link rel="stylesheet" href="/assets/css/style.css?v=4e3c68cf7a8c91904937937b8924d9627fc64a8a">
+    <link rel="stylesheet" href="/assets/css/style.css?v=96e407dbfef5e6ab83daa6dca716c304bdc64c14">
     <link rel="stylesheet" type="text/css" href="/assets/css/print.css" media="print">
     <link rel='shortcut icon' type='image/x-icon' href='favicon.ico' />
     <!--[if lt IE 9]>
@@ -24,7 +24,7 @@
 <meta property="og:type" content="article" />
 <meta property="article:published_time" content="2019-04-15T00:00:00-05:00" />
 <script type="application/ld+json">
-{"mainEntityOfPage":{"@type":"WebPage","@id":"http://localhost:4000/projects/2019/04/15/hosting_static_sites_on_s3.html"},"description":"Hosting static sites on S3","@type":"BlogPosting","url":"http://localhost:4000/projects/2019/04/15/hosting_static_sites_on_s3.html","headline":"Hosting static sites on S3","dateModified":"2019-04-15T00:00:00-05:00","datePublished":"2019-04-15T00:00:00-05:00","@context":"http://schema.org"}</script>
+{"description":"Hosting static sites on S3","@type":"BlogPosting","url":"http://localhost:4000/projects/2019/04/15/hosting_static_sites_on_s3.html","headline":"Hosting static sites on S3","dateModified":"2019-04-15T00:00:00-05:00","datePublished":"2019-04-15T00:00:00-05:00","mainEntityOfPage":{"@type":"WebPage","@id":"http://localhost:4000/projects/2019/04/15/hosting_static_sites_on_s3.html"},"@context":"http://schema.org"}</script>
 <!-- End Jekyll SEO tag -->
 
   </head>
diff --git a/_site/projects/2019/04/15/mojojojo_bot.html b/_site/projects/2019/04/15/mojojojo_bot.html
index 4203f56..29005ec 100644
--- a/_site/projects/2019/04/15/mojojojo_bot.html
+++ b/_site/projects/2019/04/15/mojojojo_bot.html
@@ -4,7 +4,7 @@
     <meta charset='utf-8'>
     <meta name="viewport" content="width=device-width, initial-scale=1">
     <meta http-equiv="X-UA-Compatible" content="IE=edge">
-    <link rel="stylesheet" href="/assets/css/style.css?v=4e3c68cf7a8c91904937937b8924d9627fc64a8a">
+    <link rel="stylesheet" href="/assets/css/style.css?v=96e407dbfef5e6ab83daa6dca716c304bdc64c14">
     <link rel="stylesheet" type="text/css" href="/assets/css/print.css" media="print">
     <link rel='shortcut icon' type='image/x-icon' href='favicon.ico' />
     <!--[if lt IE 9]>
@@ -24,7 +24,7 @@
 <meta property="og:type" content="article" />
 <meta property="article:published_time" content="2019-04-15T00:00:00-05:00" />
 <script type="application/ld+json">
-{"mainEntityOfPage":{"@type":"WebPage","@id":"http://localhost:4000/projects/2019/04/15/mojojojo_bot.html"},"description":"mojojojo-bot this was relatively easy to build initially (straight from a template), but building any functionality that I wanted into was, as expected, hard. because i am garbage at python.","@type":"BlogPosting","url":"http://localhost:4000/projects/2019/04/15/mojojojo_bot.html","headline":"mojojojo-bot","dateModified":"2019-04-15T00:00:00-05:00","datePublished":"2019-04-15T00:00:00-05:00","@context":"http://schema.org"}</script>
+{"description":"mojojojo-bot this was relatively easy to build initially (straight from a template), but building any functionality that I wanted into was, as expected, hard. because i am garbage at python.","@type":"BlogPosting","url":"http://localhost:4000/projects/2019/04/15/mojojojo_bot.html","headline":"mojojojo-bot","dateModified":"2019-04-15T00:00:00-05:00","datePublished":"2019-04-15T00:00:00-05:00","mainEntityOfPage":{"@type":"WebPage","@id":"http://localhost:4000/projects/2019/04/15/mojojojo_bot.html"},"@context":"http://schema.org"}</script>
 <!-- End Jekyll SEO tag -->
 
   </head>
diff --git a/_site/projects/2019/04/15/workingcopy.html b/_site/projects/2019/04/15/workingcopy.html
index 6160673..4f7a5e7 100644
--- a/_site/projects/2019/04/15/workingcopy.html
+++ b/_site/projects/2019/04/15/workingcopy.html
@@ -4,7 +4,7 @@
     <meta charset='utf-8'>
     <meta name="viewport" content="width=device-width, initial-scale=1">
     <meta http-equiv="X-UA-Compatible" content="IE=edge">
-    <link rel="stylesheet" href="/assets/css/style.css?v=4e3c68cf7a8c91904937937b8924d9627fc64a8a">
+    <link rel="stylesheet" href="/assets/css/style.css?v=96e407dbfef5e6ab83daa6dca716c304bdc64c14">
     <link rel="stylesheet" type="text/css" href="/assets/css/print.css" media="print">
     <link rel='shortcut icon' type='image/x-icon' href='favicon.ico' />
     <!--[if lt IE 9]>
@@ -24,7 +24,7 @@
 <meta property="og:type" content="article" />
 <meta property="article:published_time" content="2019-04-15T00:00:00-05:00" />
 <script type="application/ld+json">
-{"mainEntityOfPage":{"@type":"WebPage","@id":"http://localhost:4000/projects/2019/04/15/workingcopy.html"},"description":"editing files tracked in gif while on your phone","@type":"BlogPosting","url":"http://localhost:4000/projects/2019/04/15/workingcopy.html","headline":"editing files tracked in gif while on your phone","dateModified":"2019-04-15T00:00:00-05:00","datePublished":"2019-04-15T00:00:00-05:00","@context":"http://schema.org"}</script>
+{"description":"editing files tracked in gif while on your phone","@type":"BlogPosting","url":"http://localhost:4000/projects/2019/04/15/workingcopy.html","headline":"editing files tracked in gif while on your phone","dateModified":"2019-04-15T00:00:00-05:00","datePublished":"2019-04-15T00:00:00-05:00","mainEntityOfPage":{"@type":"WebPage","@id":"http://localhost:4000/projects/2019/04/15/workingcopy.html"},"@context":"http://schema.org"}</script>
 <!-- End Jekyll SEO tag -->
 
   </head>
diff --git a/_site/projects/2019/06/23/pynit.html b/_site/projects/2019/06/23/pynit.html
index 998503f..1ba60cb 100644
--- a/_site/projects/2019/06/23/pynit.html
+++ b/_site/projects/2019/06/23/pynit.html
@@ -4,7 +4,7 @@
     <meta charset='utf-8'>
     <meta name="viewport" content="width=device-width, initial-scale=1">
     <meta http-equiv="X-UA-Compatible" content="IE=edge">
-    <link rel="stylesheet" href="/assets/css/style.css?v=4e3c68cf7a8c91904937937b8924d9627fc64a8a">
+    <link rel="stylesheet" href="/assets/css/style.css?v=96e407dbfef5e6ab83daa6dca716c304bdc64c14">
     <link rel="stylesheet" type="text/css" href="/assets/css/print.css" media="print">
     <link rel='shortcut icon' type='image/x-icon' href='favicon.ico' />
     <!--[if lt IE 9]>
@@ -24,7 +24,7 @@
 <meta property="og:type" content="article" />
 <meta property="article:published_time" content="2019-06-23T00:00:00-05:00" />
 <script type="application/ld+json">
-{"mainEntityOfPage":{"@type":"WebPage","@id":"http://localhost:4000/projects/2019/06/23/pynit.html"},"description":"pynit is a personal archival script that relies on pinboard.in. it pulls in posts through the reddit api (by way of praw) and adds them to the linked pinboard account. you can get it here","@type":"BlogPosting","url":"http://localhost:4000/projects/2019/06/23/pynit.html","headline":"pynit","dateModified":"2019-06-23T00:00:00-05:00","datePublished":"2019-06-23T00:00:00-05:00","@context":"http://schema.org"}</script>
+{"description":"pynit is a personal archival script that relies on pinboard.in. it pulls in posts through the reddit api (by way of praw) and adds them to the linked pinboard account. you can get it here","@type":"BlogPosting","url":"http://localhost:4000/projects/2019/06/23/pynit.html","headline":"pynit","dateModified":"2019-06-23T00:00:00-05:00","datePublished":"2019-06-23T00:00:00-05:00","mainEntityOfPage":{"@type":"WebPage","@id":"http://localhost:4000/projects/2019/06/23/pynit.html"},"@context":"http://schema.org"}</script>
 <!-- End Jekyll SEO tag -->
 
   </head>
diff --git a/_site/projects/index.html b/_site/projects/index.html
index a6510f3..745aed0 100644
--- a/_site/projects/index.html
+++ b/_site/projects/index.html
@@ -4,7 +4,7 @@
     <meta charset='utf-8'>
     <meta name="viewport" content="width=device-width, initial-scale=1">
     <meta http-equiv="X-UA-Compatible" content="IE=edge">
-    <link rel="stylesheet" href="/assets/css/style.css?v=4e3c68cf7a8c91904937937b8924d9627fc64a8a">
+    <link rel="stylesheet" href="/assets/css/style.css?v=96e407dbfef5e6ab83daa6dca716c304bdc64c14">
     <link rel="stylesheet" type="text/css" href="/assets/css/print.css" media="print">
     <link rel='shortcut icon' type='image/x-icon' href='favicon.ico' />
     <!--[if lt IE 9]>
diff --git a/_site/security/2019/06/24/new_company_tvm.html b/_site/security/2019/06/24/new_company_tvm.html
new file mode 100644
index 0000000..b88c8e2
--- /dev/null
+++ b/_site/security/2019/06/24/new_company_tvm.html
@@ -0,0 +1,111 @@
+<!DOCTYPE html>
+<html lang="en-US">
+  <head>
+    <meta charset='utf-8'>
+    <meta name="viewport" content="width=device-width, initial-scale=1">
+    <meta http-equiv="X-UA-Compatible" content="IE=edge">
+    <link rel="stylesheet" href="/assets/css/style.css?v=96e407dbfef5e6ab83daa6dca716c304bdc64c14">
+    <link rel="stylesheet" type="text/css" href="/assets/css/print.css" media="print">
+    <link rel='shortcut icon' type='image/x-icon' href='favicon.ico' />
+    <!--[if lt IE 9]>
+    <script src="//html5shiv.googlecode.com/svn/trunk/html5.js"></script>
+    <![endif]-->
+
+<!-- Begin Jekyll SEO tag v2.5.0 -->
+<title>tvm at a new company | josiah ledbetter</title>
+<meta name="generator" content="Jekyll v3.7.4" />
+<meta property="og:title" content="tvm at a new company" />
+<meta property="og:locale" content="en_US" />
+<meta name="description" content="no new problems i recently started a new job and am faced with the usual: “please set up our scanners and Make Us Secure”, “What Do These Alerts Mean”, etc etc. i keep thinking about the scanning / threat and vulnerability management (TVM) aspect, so i want to write about that. here are a list of questions that i’ve been asking myself, along with some possible answers." />
+<meta property="og:description" content="no new problems i recently started a new job and am faced with the usual: “please set up our scanners and Make Us Secure”, “What Do These Alerts Mean”, etc etc. i keep thinking about the scanning / threat and vulnerability management (TVM) aspect, so i want to write about that. here are a list of questions that i’ve been asking myself, along with some possible answers." />
+<link rel="canonical" href="http://localhost:4000/security/2019/06/24/new_company_tvm.html" />
+<meta property="og:url" content="http://localhost:4000/security/2019/06/24/new_company_tvm.html" />
+<meta property="og:site_name" content="josiah ledbetter" />
+<meta property="og:type" content="article" />
+<meta property="article:published_time" content="2019-06-24T00:00:00-05:00" />
+<script type="application/ld+json">
+{"description":"no new problems i recently started a new job and am faced with the usual: “please set up our scanners and Make Us Secure”, “What Do These Alerts Mean”, etc etc. i keep thinking about the scanning / threat and vulnerability management (TVM) aspect, so i want to write about that. here are a list of questions that i’ve been asking myself, along with some possible answers.","@type":"BlogPosting","url":"http://localhost:4000/security/2019/06/24/new_company_tvm.html","headline":"tvm at a new company","dateModified":"2019-06-24T00:00:00-05:00","datePublished":"2019-06-24T00:00:00-05:00","mainEntityOfPage":{"@type":"WebPage","@id":"http://localhost:4000/security/2019/06/24/new_company_tvm.html"},"@context":"http://schema.org"}</script>
+<!-- End Jekyll SEO tag -->
+
+  </head>
+
+  <body>
+    <div id="container">
+      <div class="inner">
+
+        <header>
+          <h1>josiah ledbetter</h1>
+        </header>
+        <section id="downloads" class="clearfix">
+          
+	
+        </section>
+        <hr>
+        <section id="main_content">
+          <h1 id="no-new-problems">no new problems</h1>
+<p>i recently started a new job and am faced with the usual: “please set up our scanners and Make Us Secure”, “What Do These Alerts Mean”, etc etc. i keep thinking about the scanning / threat and vulnerability management (TVM) aspect, so i want to write about that. here are a list of questions that i’ve been asking myself, along with some possible answers.</p>
+
+<h2 id="using-an-existing-scanning-install-or-starting-over">using an existing scanning install or starting over</h2>
+<p>it may be reasonable to nuke an install if:</p>
+
+<ul>
+  <li>data existing in the install is massively out of date / bad / for some reason is fucked up data</li>
+  <li>data existing in the install doesn’t tell you anything useful; ‘these ips are alive’ isn’t useful.</li>
+</ul>
+
+<p>times when you definitely should not nuke an install:</p>
+<ul>
+  <li>if the install is tied to existing agents; losing those agent connections would be a mistake</li>
+</ul>
+
+<p>those are really the only hard constraints i can think of. everything else seems pretty grey</p>
+
+<h2 id="are-naming-schemes-important-enough-to-spend-time-on">are naming schemes important enough to spend time on</h2>
+<p>hard yes. some of the names in use at my new place are frankly /hilarious/. and bad. “aaah, a scan template called ‘corp users’, what do you suppo - oh, its for scanning production? of course.”</p>
+
+<p>i picked a rough naming scheme template for all objects, and then tweaked it on a per-object-type basis, i.e.:</p>
+
+<p>ProductName - Environment - Geolocation - Data</p>
+
+<p>“search - prod - aus” is pretty straight forward, and then the ‘data’ field can be where you really express differences between the object classes. if it ends up looking a bit different between object classes, that’s ok. the most important thing for naming schemes is consistency to the rules you set. everything else, while still important, is secondary.</p>
+
+<h2 id="a-note-on-scan-schedules">a note on scan schedules</h2>
+<p>think about what a particular scan is trying to accomplish. if the goal of a scan is to get data from /corporate servers/ then a typical overnight maintenance window makes sense.</p>
+
+<p>if the goal is to get data from /the entire corporate netblock/ then scanning over night is probably really stupid, unless the entire company works during that time. after all, most companies are deploying large laptop fleets that all get taken home at the end of the day! instead, you can tackle this by doing one of these:</p>
+<ul>
+  <li>scan midday, during the work hours, at several different times to catch differently shifted people</li>
+  <li>install agents on all laptop / movable devices</li>
+</ul>
+
+<p>ok, apparently the title should be “two notes on sacns”. if your goal is to scan sensitive production servers make sure you reach out to the ops team that manages those servers. they should know, you should have a paper trail proving you at least made best efforts to communicate, etc.</p>
+
+<h2 id="what-other-things-should-i-check-on">what other things should I check on</h2>
+
+<ul>
+  <li>is the OS backing the scanning app still getting updates? a lot of people fire and forget scan setups so make sure you’re not running shit off some idiots ubuntu 12 install.</li>
+  <li>how much of the infrastructure are we actually scanning? do have blind spots?
+    <ul>
+      <li>if there isn’t an ipam then this will be reaaaaal hard to figure out, but its very important.</li>
+    </ul>
+  </li>
+  <li>is your license sufficient or will you have to get more approved before you can actually achieve good coverage?</li>
+  <li>are there any non-expiring exceptions?
+    <ul>
+      <li>if so, i recommend nuking them and rebuilding them with at the most a 1 year expiration date; force the company to re-eval once a year if they really want these risks.</li>
+    </ul>
+  </li>
+</ul>
+
+        </section>
+
+        <footer>
+        
+        </footer>
+
+      </div>
+    </div>
+
+    
+  </body>
+</html>
diff --git a/_site/security/index.html b/_site/security/index.html
new file mode 100644
index 0000000..2f7f297
--- /dev/null
+++ b/_site/security/index.html
@@ -0,0 +1,62 @@
+<!DOCTYPE html>
+<html lang="en-US">
+  <head>
+    <meta charset='utf-8'>
+    <meta name="viewport" content="width=device-width, initial-scale=1">
+    <meta http-equiv="X-UA-Compatible" content="IE=edge">
+    <link rel="stylesheet" href="/assets/css/style.css?v=96e407dbfef5e6ab83daa6dca716c304bdc64c14">
+    <link rel="stylesheet" type="text/css" href="/assets/css/print.css" media="print">
+    <link rel='shortcut icon' type='image/x-icon' href='favicon.ico' />
+    <!--[if lt IE 9]>
+    <script src="//html5shiv.googlecode.com/svn/trunk/html5.js"></script>
+    <![endif]-->
+
+<!-- Begin Jekyll SEO tag v2.5.0 -->
+<title>security thots | josiah ledbetter</title>
+<meta name="generator" content="Jekyll v3.7.4" />
+<meta property="og:title" content="security thots" />
+<meta property="og:locale" content="en_US" />
+<link rel="canonical" href="http://localhost:4000/security/" />
+<meta property="og:url" content="http://localhost:4000/security/" />
+<meta property="og:site_name" content="josiah ledbetter" />
+<script type="application/ld+json">
+{"@type":"WebPage","url":"http://localhost:4000/security/","headline":"security thots","@context":"http://schema.org"}</script>
+<!-- End Jekyll SEO tag -->
+
+  </head>
+
+  <body>
+    <div id="container">
+      <div class="inner">
+
+        <header>
+          <h1>josiah ledbetter</h1>
+        </header>
+        <section id="downloads" class="clearfix">
+          
+	
+        </section>
+        <hr>
+        <section id="main_content">
+          <p>Posts in category "security thots" are:</p>
+
+<ul>
+  
+    
+        <li><a href="/security/2019/06/24/new_company_tvm.html">tvm at a new company</a></li>
+    
+  
+</ul>
+
+        </section>
+
+        <footer>
+        
+        </footer>
+
+      </div>
+    </div>
+
+    
+  </body>
+</html>
diff --git a/index.md b/index.md
index e8e225c..e0d3ca3 100644
--- a/index.md
+++ b/index.md
@@ -2,4 +2,5 @@ hi you have reached the landing page of me, the person whose name is above this
 
 🤖 [projects](/projects/)  
 🧟 [personal](/personal/)  
+💩 [security thots](/security/)  
 ‍🧙 [resume](/josiah-resume.pdf)  
diff --git a/security.md b/security.md
new file mode 100644
index 0000000..044a6f0
--- /dev/null
+++ b/security.md
@@ -0,0 +1,13 @@
+---
+permalink: /security/
+title: security thots
+---
+<p>Posts in category "security thots" are:</p>
+
+<ul>
+  {% for post in site.categories.security %}
+    {% if post.url %}
+        <li><a href="{{ post.url }}">{{ post.title }}</a></li>
+    {% endif %}
+  {% endfor %}
+</ul>