<![CDATA[Here's a question:]]>Here's a question:

What's the cybersecurity hill you're willing to kill on? (I ain't dying for this stuff).

]]>https://board.circlewithadot.net/topic/a5793cff-088b-47ab-af1e-521d4f2fc196/here-s-a-questionRSS for NodeFri, 01 May 2026 07:58:29 GMTThu, 30 Apr 2026 20:18:50 GMT60<![CDATA[Reply to Here's a question: on Thu, 30 Apr 2026 20:50:08 GMT]]>@iagox86

What you need is leadership and policy that let you enforce the use of a password manager.

]]>https://board.circlewithadot.net/post/https://infosec.exchange/users/infoseclogger/statuses/116495627636433376https://board.circlewithadot.net/post/https://infosec.exchange/users/infoseclogger/statuses/116495627636433376Thu, 30 Apr 2026 20:50:08 GMT<![CDATA[Reply to Here's a question: on Thu, 30 Apr 2026 20:44:00 GMT]]>@nerdpr0f

#1 is why I don't soil myself over AI. It found a new way to do the thing you should already be monitoring for. Wow.

#2 - I think infosec should be taught almost like a humanities field. it's about people behavior as much as technical anything.

]]>https://board.circlewithadot.net/post/https://infosec.exchange/users/infoseclogger/statuses/116495603506615635https://board.circlewithadot.net/post/https://infosec.exchange/users/infoseclogger/statuses/116495603506615635Thu, 30 Apr 2026 20:44:00 GMT<![CDATA[Reply to Here's a question: on Thu, 30 Apr 2026 20:42:34 GMT]]>@sharkfie

Been there. Sharing something you find with product vendor and getting the 'feature not bug' talk is painful.

]]>https://board.circlewithadot.net/post/https://infosec.exchange/users/infoseclogger/statuses/116495597876328963https://board.circlewithadot.net/post/https://infosec.exchange/users/infoseclogger/statuses/116495597876328963Thu, 30 Apr 2026 20:42:34 GMT<![CDATA[Reply to Here's a question: on Thu, 30 Apr 2026 20:26:15 GMT]]>@infoseclogger Two things.

1) Cybersecurity is no longer a rapidly changing industry. We, more or less, know how to do things well. It hasn't been for 5... maybe 10 years at this point.

2) Cybersecurity is a half-hearted attempt at turning computing into an engineering field. In 20 years, assuming the world doesn't get destroyed, I think we'll be talking about it more in terms of 'computing safety engineering" or something similar.

]]>https://board.circlewithadot.net/post/https://infosec.exchange/users/nerdpr0f/statuses/116495533693924109https://board.circlewithadot.net/post/https://infosec.exchange/users/nerdpr0f/statuses/116495533693924109Thu, 30 Apr 2026 20:26:15 GMT<![CDATA[Reply to Here's a question: on Thu, 30 Apr 2026 20:25:58 GMT]]>@infoseclogger most endpoint security software (and plain antivirus) is built on layers of vulnerable components and I don't have a solution

]]>https://board.circlewithadot.net/post/https://cyberplace.social/ap/users/116440692978306561/statuses/116495532575357174https://board.circlewithadot.net/post/https://cyberplace.social/ap/users/116440692978306561/statuses/116495532575357174Thu, 30 Apr 2026 20:25:58 GMT<![CDATA[Reply to Here's a question: on Thu, 30 Apr 2026 20:25:41 GMT]]>@infoseclogger you only need the tiniest bit of password complexity to be safe. How long it takes to crack the hash basically doesn't matter. What you really need is uniqueness, and a password manager

]]>https://board.circlewithadot.net/post/https://infosec.exchange/users/iagox86/statuses/116495531476837770https://board.circlewithadot.net/post/https://infosec.exchange/users/iagox86/statuses/116495531476837770Thu, 30 Apr 2026 20:25:41 GMT<![CDATA[Reply to Here's a question: on Thu, 30 Apr 2026 20:22:49 GMT]]>@infoseclogger So many to choose from. I guess the one that irks me is letting things go EOL and expecting mitigations only.

]]>https://board.circlewithadot.net/post/https://infosec.exchange/users/siliconshecky/statuses/116495520194258190https://board.circlewithadot.net/post/https://infosec.exchange/users/siliconshecky/statuses/116495520194258190Thu, 30 Apr 2026 20:22:49 GMT<![CDATA[Reply to Here's a question: on Thu, 30 Apr 2026 20:22:24 GMT]]>@infoseclogger Without a decent asset inventory, everything else is just checking boxes.

]]>https://board.circlewithadot.net/post/https://infosec.exchange/users/cR0w/statuses/116495518553621360https://board.circlewithadot.net/post/https://infosec.exchange/users/cR0w/statuses/116495518553621360Thu, 30 Apr 2026 20:22:24 GMT