Posts

Every RFP is more than paperwork

Breaking Down an RFP: From Discovery to MRR

💡 Every RFP is more than paperwork — it’s your chance to tell a story, build trust, and lay the foundation for recurring revenue.

Too often, RFPs are dismissed as just another box to check. They’re actually a blueprint for how an organization sees its partnerships. For MSPs, each section reveals priorities and challenges. By mastering the structure, you not only increase your odds of winning projects, but also build long-term predictable growth.

Timelines especially matter — usually broken into discovery, design, implementation, testing, and handoff. Watch sub-headings carefully: a “Project Plan” timeline may only apply to that section, while another may appear in “Implementation.” Multiple, nested timelines are common — miss them, and scope gets messy fast.

Table of Contents: Executive Summary; Scope of Work (SOW); Approach & Methodology; Proj...

Days 1 and 2 Are Both Available

🚀 8 Days of Azure PaaS — Updates! Day 1 & Day 2 are live — and this is just the beginning.

I’m two days into my new project: 8 Days of Azure PaaS 🎉 Over 8 days, I’m refreshing and documenting my knowledge of Microsoft Azure’s Platform as a Service (PaaS) offerings. Each day I dive into a different piece — App Services, Functions, SQL Database, AKS, Logic Apps, and more — while sharing notes, gotchas, and hands-on examples.

💡 This is a learn-in-public project. I’m sharing the journey openly — the good, the confusing, and the “aha!” moments — along with the learning sources I review.

👉 Read Day 1 — What is PaaS?
👉 Read Day 2 — Azure App Services

🔹 Why I’m Doing This

In a recent interview, I realized I’ve been deep in the MSP world, IT security, RMM tools, and PSA platforms — but needed a refresher on Azure’s PaaS side. This project keeps me accountable and ...

🚀 New Project — 8 Days of Azure PaaS

🚀 New Project — 8 Days of Azure PaaS: I’ve kicked off a learn-in-public series exploring Microsoft Azure’s Platform as a Service.

I’ve kicked off a new project: 8 Days of Azure PaaS 🎉 Over the next 8 days, I’ll be refreshing and documenting my knowledge of Microsoft Azure’s Platform as a Service (PaaS) offerings. Each day I’ll dive into a new component — App Services, Functions, SQL Database, AKS, Logic Apps, and more — and add my notes to a living guide page.

💡 This is a learn-in-public project. I’m sharing the journey openly — the good, the confusing, and the “aha!” moments. I will also be sharing links to the learning sources that I reviewed along the way.

👉 Check out Day 1 here

🔹 Why I’m Doing This

In a recent conversation I realized I’ve been more focused on MSP mindset and practice, IT security, RMM tools and PSA tools — and I needed a refresher on Azure’s PaaS side. It's great to t...

POA&M vs. “Mitigation” — Clearing Up a Common Misunderstanding

POA&M vs. “Mitigation” — Clearing Up a Common Misunderstanding

In federal cybersecurity, acronyms rule. One of the most misunderstood is POA&M.

What POA&M Really Means

POA&M stands for Plan of Action and Milestones. It’s an official term across DoD, FedRAMP, and NIST RMF. A POA&M isn’t just a note about what you’ll fix — it’s a structured tracker for both the work and the proof of progress:

- Issue identified (finding, failed STIG check, CVE, audit result)
- Plan of action (patch/config/control/compensating control)
- Milestones with dates, owners, and checkpoints
- Target completion and ongoing status updates

Key idea: A POA&M tracks accountability + progress, not just the intended fix.

The Misunderstanding: “Plan of Action and Mitigation”

You’ll sometimes hear people say “Plan of Action and Mitigation.” It sounds right in a security con...

DoD ↔ Commercial Security & IT Cheat Sheet

DoD ↔ Commercial Security & IT Cheat Sheet

Quick mappings between common U.S. government (DoD/federal) terms and their closest commercial-world equivalents.

Terms covered: IAVA, STIG, SCAP/ACAS, RMF/ATO, POA&M, HBSS, PKI/CAC, NIPR/SIPR/JWICS, SCIF, CDS, FedRAMP, FISMA, CUI, DFARS, NIST 800-171, CMMC, TIC, KEV, DoDIN, FOUO, TEMPEST

DoD / Gov Term | What it Means | Closest Commercial Equivalent
IAVA / IAVM / IAVB / TA | Mandatory alerts & guidance for vulnerabilities on DoD systems. | Vendor advisories; CISA KEV; Patch Tuesday.
STIG (DISA) | Hardening baselines & config requiremen...

KEV vs CVE — why it matters.

KEV vs CVE — why it matters.

CVE is a Common Vulnerabilities and Exposures entry — a flaw that’s been identified and cataloged. KEV is a Known Exploited Vulnerability — the same, but with a key difference: attackers are already using it in the wild.

My biggest fear with any central tool is it becoming a KEV. That’s the jump from “possible risk” to active threat. 🚨

⚠️ This week, N-able N-central made that jump. Two CVEs (CVE-2025-8875 & CVE-2025-8876) are now on CISA’s KEV list, meaning they’re being exploited right now. See the catalog on CISA: Known Exploited Vulnerabilities.

When Your Core MSP Tool Becomes the Headline

⚠️ Security Advisory: N-able N-central on CISA KEV — CVE-2025-8875 (insecure deserialization) & CVE-2025-8876 (command injection). Active exploitation reported.

- Update to 2025.3.1, or install 2024.6 HF2
- Enforce MFA for admins
- Share client notice

MSPs, Take Note: When Your Core Tool Is in the Crosshairs

The N-central news shows how fast a central platform can become a central risk. In the MSP world, your RMM/central platform is the heartbeat of patching, monitoring, and response. When it lands on the KEV list, it’s not just a patch—it’s an operational fire drill: validate exposure, confirm versions, brief staff, notify clients, and verify compensating controls.

Why It Hurts the MSP Space

Trust shockwave: Headlines trigger client anxiety. Even fully patched orgs get the “Are we safe?” calls.
Operational drag: War-room time: scanning, change w...
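The "KEV vs CVE" post above and the "validate exposure, confirm versions" step in this advisory both come down to one mechanical check: take the CVE IDs your scanner reports and find out which of them are on CISA's catalog, then work those first, against CISA's due date. The script below is an added example written for this page, not code from the original posts, from N-able, or from CISA. It assumes the field names of CISA's KEV JSON feed (cveID, vendorProject, product, dateAdded, dueDate, knownRansomwareCampaignUse; the live feed is published at https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json). The catalog sample embedded in it is constructed so it runs offline: the two N-central CVE IDs are the ones named in the advisory, the dates are placeholders, and CVE-2099-0001 plus the hostnames are placeholders standing in for an ordinary, non-KEV finding.

```python
import json
import re
from datetime import date

# Constructed sample shaped like CISA's KEV JSON feed (live feed:
# https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json).
# The two CVE IDs come from the N-central advisory; dates are placeholders.
SAMPLE_KEV_JSON = json.dumps({
    "title": "CISA Catalog of Known Exploited Vulnerabilities (sample)",
    "vulnerabilities": [
        {"cveID": "CVE-2025-8875", "vendorProject": "N-able", "product": "N-central",
         "vulnerabilityName": "N-able N-central Insecure Deserialization Vulnerability",
         "dateAdded": "2025-08-13", "dueDate": "2025-08-20",
         "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-2025-8876", "vendorProject": "N-able", "product": "N-central",
         "vulnerabilityName": "N-able N-central Command Injection Vulnerability",
         "dateAdded": "2025-08-13", "dueDate": "2025-08-20",
         "knownRansomwareCampaignUse": "Unknown"},
    ],
})

# Constructed scanner output for an MSP estate. Hostnames are placeholders and
# CVE-2099-0001 is a placeholder for any finding that is NOT on the KEV list.
SAMPLE_FINDINGS = [
    {"host": "rmm01.msp.internal", "product": "N-central 2024.6", "cve": "2025-8876"},
    {"host": "rmm01.msp.internal", "product": "N-central 2024.6", "cve": "CVE-2025-8875"},
    {"host": "web03.msp.internal", "product": "intranet-portal", "cve": "cve-2099-0001"},
]

CVE_RE = re.compile(r"^(?:CVE-)?(\d{4})-(\d{4,})$", re.IGNORECASE)


def normalize_cve(text):
    """Canonicalise 'CVE-2025-8875', 'cve-2025-8875' or the bare '2025-8875'
    (as written in the KEV post) to 'CVE-2025-8875'. Anything else is rejected
    so a typo cannot silently fall through as 'not on KEV'."""
    m = CVE_RE.match(text.strip())
    if not m:
        raise ValueError(f"not a CVE identifier: {text!r}")
    return f"CVE-{m.group(1)}-{m.group(2)}"


def load_kev(json_text):
    """Index a KEV-shaped catalog by canonical CVE ID."""
    catalog = json.loads(json_text)
    return {normalize_cve(v["cveID"]): v for v in catalog["vulnerabilities"]}


def triage(findings, kev, today_iso):
    """Annotate each finding with its KEV status and return the list ordered
    for action: KEV entries first, overdue ones before those still inside
    CISA's due date, then by CVE ID so the output is stable."""
    today = date.fromisoformat(today_iso)
    rows = []
    for f in findings:
        cve = normalize_cve(f["cve"])
        entry = kev.get(cve)
        due = entry["dueDate"] if entry else None
        rows.append({
            "host": f["host"],
            "product": f["product"],
            "cve": cve,
            "kev": entry is not None,
            "due": due,
            "overdue": bool(due) and today > date.fromisoformat(due),
            "ransomware": entry["knownRansomwareCampaignUse"] if entry else None,
        })
    rows.sort(key=lambda r: (not r["kev"], not r["overdue"], r["due"] or "9999-12-31", r["cve"]))
    return rows


def kev_hosts(rows):
    """Distinct hosts carrying at least one KEV finding: the call list for the
    'validate exposure, confirm versions' step."""
    return sorted({r["host"] for r in rows if r["kev"]})


if __name__ == "__main__":
    kev = load_kev(SAMPLE_KEV_JSON)
    rows = triage(SAMPLE_FINDINGS, kev, "2025-08-21")
    for r in rows:
        flag = "KEV" if r["kev"] else "   "
        status = "OVERDUE" if r["overdue"] else (f"due {r['due']}" if r["due"] else "-")
        print(f"{flag} {r['cve']:<15} {r['host']:<20} {status}")
    print("hosts needing exposure validation:", kev_hosts(rows))
```

In production you would replace SAMPLE_KEV_JSON with the downloaded feed and SAMPLE_FINDINGS with your scanner or RMM export; the rest stays the same. The point of rejecting malformed IDs instead of treating them as "not on KEV" is that a silent miss here is exactly the failure mode the advisory warns about: a KEV item that never makes it onto the fire-drill list.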