This thread is spot on. #Security folks, please, please read. The perspective of security from a CISO to a security vendor is so different. Let's close that gap! Despite chatting with @chadloder often I somehow missed this thread. Thanks to @dacort for resharing this.

Yes! The CISO has a list of probably 50-100 known security problem areas. The top 5-7 may getting focus each year. It's not whether or not 'X could be better' but whether that's the current focus based on risk prioritization. nitter.vloup.ch/chadloder/status…

This is very true and a tough byproduct of our young industry. Many ways to have a major impact in the security field. One way to have major impact is true lead an amazing security org. Requires more than just tech chops, have to be great people mngr too nitter.vloup.ch/chadloder/status…

😀 Yup. nitter.vloup.ch/chadloder/status…

In isolation, academic security is easy. In practice, security brings together psychology, human dynamics, incentive systems and just a bit of technology - it is hard. nitter.vloup.ch/chadloder/status…

Some of the most important priorities from my years as CISO were actually implementing 'security basics' at massive scale. You have to do the core elements right, all the time, everywhere, and at scale. That's actually pretty hard. nitter.vloup.ch/chadloder/status…