Beyond the praise here for a salient post on cybersecurity. Things I’ve been highlighting for, like, forever, including digital supply chain (OSS), was your targets are SMBs. Representation on USG “cyber boards” is non-existent so their perspectives are often lost.
Replying to @webjedi
I feel like I’ve spent my entire IR life supporting SMBs. The “InfoSec Poverty Line” cuts much higher than most people guess.

Apr 5, 2022 · 12:47 PM UTC

Replying to @hal_pomeranz
This is also why I introduced the “Security Waterline” to build on when talking about resiliency. Most go to the controls/minimal for compliance, but can remain afloat if they get hit, so the idea is to build to be buoyant if the controls fail… how to do it on budget, well 🤷🏼‍♀️