I am constantly shocked at how much we've normalized constant attacks and ransoms instead of just... letting people do security.
in reply to Hypolite Petovan

@Hypolite Petovan it mostly means security teams being part of project plans so they can manage expectations, and build real-world security solutions
in reply to silverwizard

@silverwizard Got it, I was more asking about the normalization you also mentioned, but this is good stuff nonetheless.
in reply to Hypolite Petovan

@Hypolite Petovan The normalization is mostly a matter of fighting the process of seeing security as a cost center and underfunding it.

So - the core thing is complexities around risk and access. Part of corporate culture is risk appetite. Corporate culture loves accepting risk, and so security teams kinda don't have a lot of leverage. And that's where the problem is, ya know. I don't know how to fix that.