Can’t fault their creativity...

Brilliantly put!

Pin this evergreen tweet from now till next christmas. What a precise means to communicate this concept. I will shamelessly borrow (with attribution) this till the end of my days.

What you call technical debt is simply the tradeoff that's been going on for decades between security and productivity.

And we know that traditional technical debt has evolved to what I call Tech Debt 2.0 which is more sinister and opens many more options for threat actors to exploit. Our management sophistication needs to evolve along with the evolution of technical debt!

Completely agree. The technical debt runs really deep as cybersecurity wasn't an organizational priority for many decades of business and IT decisions (and still isn't at many organizations). The marriage of this attacker business model and cred theft methods worries me a lot.