Conversation
silverwizard (silverwizard@convenient.email)'s status on Monday, 08-Jul-2024 23:43:50 JST silverwizard
I am constantly shocked at how much we've normalized constant attacks and ransoms instead of just... letting people do security.
silverwizard (silverwizard@convenient.email)'s status on Tuesday, 09-Jul-2024 00:12:55 JST silverwizard
@hypolite it mostly means security teams being part of project plans so they can manage expectations, and build real-world security solutions
hypolite (hypolite@friendica.mrpetovan.com)'s status on Tuesday, 09-Jul-2024 00:12:56 JST hypolite
@silverwizard How do you see that unfolding in practice?
hypolite (hypolite@friendica.mrpetovan.com)'s status on Tuesday, 09-Jul-2024 00:41:32 JST hypolite
@silverwizard Got it, I was more asking about the normalization you also mentioned, but this is good stuff nonetheless.
silverwizard (silverwizard@convenient.email)'s status on Tuesday, 09-Jul-2024 00:56:42 JST silverwizard
@hypolite The normalization is mostly a matter of fighting the process of seeing security as a cost center and underfunding it.
So - the core thing is complexities around risk and access. Part of corporate culture is risk appetite. Corporate culture loves accepting risk, and so security teams kinda don't have a lot of leverage. And that's where the problem is, ya know. I don't know how to fix that.