1. I have not (in at least 15 years) seen Microsoft Malicious Software Removal Tool find anything. No doubt this is a tribute to my top-notch adminning - or that I don't use Windows enough.
2. I see many suspicious listings for IT positions, and have for years. I wonder about, say, ones for Linux System Administrator, yet into the second paragraph creeps things like Active Directory. And it's just as unfair for that Windows Administrator offer to eventually mention that little Linux project... [translation: we need two or three people, but we'll see how far we can get the budget to go...] And it gets worse. Did you hear about the hospital that paid the ransom to get back file access this week? News stories are mentioning that healthcare companies don't spend a lot on security these days, as if we needed to be told. Looks like the two issues (security problems and responsibility creep) have the same cause: budget problems.
3. This must be a good time to be a spammer. Need a server from which to do the job? Half the servers on the air probably don't have a dedicated admin due to cost-cutting (or some outfits never having had an admin at all). There are many server/website "admins" that haven't logged into their boxes in a year. Who's watching password aging? Patching? Upgrading? Is the box even up?
4. If you need instruction, Udemy is having a sale last I heard. And they do this fairly often: many pricey courses are offered for short periods at only $10. I'm taking a few now; instructors are hit/miss but all have at least been worth the time spent.
5. And in addition to Security Onion, I'm looking at DEFT (Digital Evidence and Forensics Toolkit).
