Kelly Shortridge
I’m in a reflective mood this week and it’s kind of wild to me that I’m known as a “provocateur” in #cybersecurity for takes like:
💡 don’t shame victims
💡 UX matters, a lot
💡we should understand what we’re supposed to protect
💡 if someone clicking a thing on the thing-clicking machine leads to security failure, they are not the foolish one
💡 the best things a security program can invest in aren’t in the RSAC vendor hall
💡 maybe we should start actually proving outcomes??????????
¯\_(ツ)_/¯
Bynkii (they/them)
My security team: “we just eliminated a core functionality without warning or notice and you’re only going to find out when your users start complaining.”
Us: “we understand why you did that and in many ways it was a good idea but there’s no way this was a spur of the moment decision so we’re a bit put out that we got no warning so we could have new systems in place to replace that functionality”
My security team: “so you want to be insecure!”
Bynkii (they/them)
@shortridge Us: “no, we want better communication”
My security team: “we don’t exist to make your life easier”
Us: “Wait what?”
My security team: “WHEN WE SAY JUMP YOU JUMP, YOU DON’T WASTE OUR TIME WITH STUPID QUESTIONS ABOUT HOW HIGH!!!”
s i g h
Kelly Shortridge
@bynkii there’s such a fucked up authoritarian streak in cybersecurity culture. If there’s one thing I could change, it’s probably that.
My jimmies are rustled just reading that exchange
GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.
All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.