silverwizard

silverwizard@convenient.email

Father first and foremost
RPG player/hacker for fun and explicitly not profit
InfoSec for Profit
Feral Child of Unix and RFC 2324

silverwizard@obscuritus.ca

http://obscuritus.ca

silverwizard

4 months ago from ZoobopDeDoDop!

silverwizard
4 months ago from ZoobopDeDoDop!

I am constantly shocked at how much we've normalized constant attacks and ransoms instead of just... letting people do security.

Hypolite Petovan

4 months ago •

@silverwizard How do you see that unfolding in practice?

@silverwizard

silverwizard likes this.

silverwizard

4 months ago from ZoobopDeDoDop!

@Hypolite Petovan it mostly means security teams being part of project plans so they can manage expectations, and build real-world security solutions

@Hypolite Petovan

Hypolite Petovan likes this.

Hypolite Petovan

4 months ago •

@silverwizard Got it, I was more asking about the normalization you also mentioned, but this is good stuff nonetheless.

@silverwizard

silverwizard likes this.

silverwizard

4 months ago from ZoobopDeDoDop!

@Hypolite Petovan The normalization is mostly a matter of fighting the process of seeing security as a cost center and underfunding it.

So - the core thing is complexities around risk and access. Part of corporate culture is risk appetite. Corporate culture loves accepting risk, and so security teams kinda don't have a lot of leverage. And that's where the problem is, ya know. I don't know how to fix that.

@Hypolite Petovan

Hypolite Petovan likes this.

⇧