SOC Lab Day 6 - Trust But Verify
Before working from the public WiFi, I wanted to actually verify the tunnel was encrypting traffic to my home lab.
RIGGS built the verification checklist with me. We went back and forth on it a few times. Early drafts were too optimized for speed, not for understanding. Rewrote it from the ground up as OJT: every step explains *why*, not just what.
The goal is that I understand what I'm looking at, not just that the test passes.
One thing that came out of the live run: filtering tcpdump output post-capture with grep and awk. I didn't know that workflow going in — RIGGS walked me through it on the fly when the raw output was too noisy to read on camera.
```
grep " > " /tmp/capture.txt | awk '{print $3, $4, $5}'
```
That one-liner cut through the noise and surfaced a port 1028 anomaly I'd have missed in the raw output. RIGGS identified it as Tailscale path discovery, expected behavior, not a problem. But the point is: the filtering made it visible. You can't investigate what you can't see.
The human-in-the-loop piece on this session was mostly judgment calls: is this command right for a junior to run, or is it a senior shortcut? RIGGS executes the build, but the pedagogical decisions were mine.
Anyone else building learning reps with AI as the instructor?
3
3 comments
Bagu Hanto
5
SOC Lab Day 6 - Trust But Verify
AI Automation Society
skool.com/ai-automation-society
Learn to get paid for AI solutions, regardless of your background.
Leaderboard (30-day)
Powered by