©️ 2025 Skillful Communications, Inc. | Big Interview is a trademark of Skillful Communications, Inc.
Every other Tuesday, you’ll get actionable tips to land your dream job. Subscribe
Now go update your plugins and stop running scans as DOMAIN\Administrator . Your production environment will thank you. What’s your biggest pet peeve about vulnerability scanning? Let me know in the comments (or on the company Slack, where we ignore Nessus alerts until patch Tuesday).
A knows that the gold is in the credentialed scan. They can tell you exactly which local privileges are needed for Windows (hint: not Administrator, just Performance Monitor Users group plus certain WMI permissions). They know how to SSH into a Linux box with a custom sudoers file that doesn't break the bank. Expert move: They don’t just scan root . They use a dedicated service account with the lightest possible footprint, and they always test the credentials before hitting “Launch.” 2. Plugin Whispering (Knowing the "Why" Behind the Alert) Nessus returns a result: Plugin 153953 (CVE-2021-44228).
If they say, “Nessus is never wrong,” run away.
In the world of vulnerability management, few tools have the staying power of Tenable’s Nessus. It’s the Swiss Army knife of infosec—beloved by sysadmins, feared by blue teams, and occasionally weaponized by red teams.
I’ve watched seasoned pentesters miss critical SQL injection vectors because they left the "Safe Checks" box unchecked. I’ve also watched junior admins discover Log4j in a legacy system that "enterprise tools" missed.
Now go update your plugins and stop running scans as DOMAIN\Administrator . Your production environment will thank you. What’s your biggest pet peeve about vulnerability scanning? Let me know in the comments (or on the company Slack, where we ignore Nessus alerts until patch Tuesday).
A knows that the gold is in the credentialed scan. They can tell you exactly which local privileges are needed for Windows (hint: not Administrator, just Performance Monitor Users group plus certain WMI permissions). They know how to SSH into a Linux box with a custom sudoers file that doesn't break the bank. Expert move: They don’t just scan root . They use a dedicated service account with the lightest possible footprint, and they always test the credentials before hitting “Launch.” 2. Plugin Whispering (Knowing the "Why" Behind the Alert) Nessus returns a result: Plugin 153953 (CVE-2021-44228). nessus expert
If they say, “Nessus is never wrong,” run away. Now go update your plugins and stop running
In the world of vulnerability management, few tools have the staying power of Tenable’s Nessus. It’s the Swiss Army knife of infosec—beloved by sysadmins, feared by blue teams, and occasionally weaponized by red teams. Let me know in the comments (or on
I’ve watched seasoned pentesters miss critical SQL injection vectors because they left the "Safe Checks" box unchecked. I’ve also watched junior admins discover Log4j in a legacy system that "enterprise tools" missed.
©️ 2025 Skillful Communications, Inc. | Big Interview is a trademark of Skillful Communications, Inc.