Skip to main content

I am constantly shocked at how much we've normalized constant attacks and ransoms instead of just... letting people do security.
in reply to Hypolite Petovan

silverwizard
silverwizard
@Hypolite Petovan it mostly means security teams being part of project plans so they can manage expectations, and build real-world security solutions
@Hypolite Petovan
in reply to silverwizard

Hypolite Petovan
Hypolite Petovan
@silverwizard Got it, I was more asking about the normalization you also mentioned, but this is good stuff nonetheless.
@silverwizard
in reply to Hypolite Petovan

silverwizard
silverwizard

@Hypolite Petovan The normalization is mostly a matter of fighting the process of seeing security as a cost center and underfunding it.

So - the core thing is complexities around risk and access. Part of corporate culture is risk appetite. Corporate culture loves accepting risk, and so security teams kinda don't have a lot of leverage. And that's where the problem is, ya know. I don't know how to fix that.

@Hypolite Petovan