Rarely do I see people who actually do incident response or operational information security work dunking on organizations for getting breached. Perhaps they understand something the bandwagoners do not.

Dec 9, 2020 · 3:06 PM UTC

And most of them are not on Twitter much except to use it for threat intel.
Replying to @hal_pomeranz
Exactly. A determined adversary with enough time on their hands is difficult to stop.
Replying to @hal_pomeranz
Just talking with a buddy of mine today about this. They should be judged by their response, not by their breach.
Replying to @hal_pomeranz
Our job is sometimes to help people eat shit sandwiches when it's the special of the day. Not our jobs to wish it on anyone else or critique their doodoo menu. If you lose empathy, you become a shitty IR rep for your team.
Replying to @hal_pomeranz
I'm in Cyber Intelligence and most of my time in Cybersecurity has been in Pentesting and Hacking. No schadenfreude here, no jubilation. To be brutally honest, I'm quite concerned.
Replying to @hal_pomeranz
And, I feel for them even more as an infosec professional working in a company that sells an infosec product. I spend a decent amount of time thinking about what a breach in our company would mean for us.
Replying to @hal_pomeranz
The lesson is everyone has a vulnerability and can be hacked.
Replying to @hal_pomeranz
I think that the words are 'empathy' and 'sympathy'.
Replying to @hal_pomeranz
I don't have time or desire to dunk. I have my own organizations to protect that, more likely than not, will have their own breaches to deal with someday. We're only human and can't always think of or cover absolutely everything. Something almost always gets overlooked.