Here's a question:
What's the cybersecurity hill you're willing to kill on? (I ain't dying for this stuff).
-
@infoseclogger Without a decent asset inventory, everything else is just checking boxes.
-
@infoseclogger So many to choose from. I guess the one that irks me is letting things go EOL and expecting mitigations only.
-
@infoseclogger you only need the tiniest bit of password complexity to be safe. How long it takes to crack the hash basically doesn't matter. What you really need is uniqueness, and a password manager
-
@infoseclogger most endpoint security software (and plain antivirus) is built on layers of vulnerable components and I don't have a solution
-
@infoseclogger Two things.
1) Cybersecurity is no longer a rapidly changing industry. We, more or less, know how to do things well. It hasn't been for 5... maybe 10 years at this point.
2) Cybersecurity is a half-hearted attempt at turning computing into an engineering field. In 20 years, assuming the world doesn't get destroyed, I think we'll be talking about it more in terms of 'computing safety engineering' or something similar.
-
@infoseclogger most endpoint security software (and plain antivirus) is built on layers of vulnerable components and I don't have a solution
Been there. Sharing something you find with a product vendor and getting the 'feature not bug' talk is painful.
-
@infoseclogger Two things.
1) Cybersecurity is no longer a rapidly changing industry. We, more or less, know how to do things well. It hasn't been for 5... maybe 10 years at this point.
2) Cybersecurity is a half-hearted attempt at turning computing into an engineering field. In 20 years, assuming the world doesn't get destroyed, I think we'll be talking about it more in terms of 'computing safety engineering' or something similar.
#1 is why I don't soil myself over AI. It found a new way to do the thing you should already be monitoring for. Wow.
#2 - I think infosec should be taught almost like a humanities field. It's about people's behavior as much as technical anything.
-
@infoseclogger you only need the tiniest bit of password complexity to be safe. How long it takes to crack the hash basically doesn't matter. What you really need is uniqueness, and a password manager
What you need is leadership and policy that let you enforce the use of a password manager.