Rarely do I see people who actually do incident response or operational information security work dunking on organizations for getting breached. Perhaps they understand something the bandwagoners do not.

Dec 9, 2020 · 3:06 PM UTC

Replying to @hal_pomeranz
When you have limited information, probably not a good idea to throw shade. When you have inside information that security was purposely put on the back burner to pursue near term profit, then it does make sense. Obviously that isn't the case with this recent breach.
Fair-- but by then you're usually under NDA :-)
Replying to @hal_pomeranz
We have a saying which loosely translates into: the best skippers are on the mainland. It's easy to have comments about how people and organisations run their businesses but if one has experience in operational security or systems administration, you'll know how hard security is!
Everything is gridiron here-- we call them "armchair quarterbacks"
Replying to @hal_pomeranz
There but for the grace of [insert (non)deity of choice] go I.
Replying to @hal_pomeranz
something about stones and glass houses...
Replying to @hal_pomeranz
I don’t get people giving out a lot with breaches. Managing computer systems inside an organisation (as a whole) is fucking difficult, let alone trying to do that securely. Now it does depend, if an org does nothing to secure their shit that may change my view a bit.
Replying to @hal_pomeranz
Because we know it happens to the best of us.. If you love us when it’s quiet, love us when it’s not. It’s not just the technical, it’s the horde we face every day..
Replying to @hal_pomeranz
Namely... The fact that it can happen to any of us. I know we all like to THINK we are good at this whole InfoSec thing... But I would bet money every one of you knows of some existing gap in your own environment. And if you don't... You're just not looking hard enough.