Out of my six decades of life, I can detail the single moment when I felt reservationless #happiness, for three minutes.
It was a trivial, everyday event in a fleeting interaction with a stranger, many years ago.
I cherish that moment, but to be honest, I was hoping for… more?
All too often cowardly #management forces the #CISO, or any available #infosec practitioner really, to be the “bad person” who says “No”.
I like to think people are smart, and possible to educate. I make sure those who need, have heard anything really important at least six (6) times - I stay on message.
So, when an exec, line manager, product owner, or even an IC in a team suggests doing something blatantly insecure, that looks cool and gives the org a sugar rush, I know for a fact that they aren’t naïve, uneducated or unaware of the security issues.
They are cowards. They want all the accolades of suggesting cool sugar, but none of the responsibility for consequences of saying “No”. They punt that to #security.
It’s fucking exhausting being the grownup.
One fantastic privilege I’ve had in my career, is how everyone I was ever tasked with providing #security for, was morally deserving of it in a to me non-convoluted and ethically clear way.
One can argue about the finance industry, and I suppose defense as well, but given the specifics of what I worked for there, it was The Good Fight.
But now, with fascism and authoritarianism on the rise, I wonder if it will be as easy for my guild colleagues to find a righteous path.
Working for Meta, Musk, Microsoft, Google et al., not to mention any data analytics firms, it seems so evil. Morally bankrupt people, using the excuse of avoiding personal fiscal bankruptcy.
Working for the govt in any country where fascism has taken hold, same thing - reprehensible at best, crime against humanity most likely.
But that’s where the security jobs will be, because those are the only ones that will be allowed to have any security - everyone else will have it stripped away by law and by force.
#Privacy, #integrity, #safety - it will be ripped away, and sadly I fear it will be my #infosec guildies who will help design the tools and the trappings for the job.
There will be some engineer designing the new age control mechanisms, just as there are cadres of stormtroopers at the aforementioned places already having built Evil Things.
What happens when the only ones who can demand security, aren’t deserving of it? What will a #CISO do then?
Or rather, what will those who stay do? I won’t have to.
About me:
Soft-spoken #security old guy.
Multi-industry, always #infosec, often IT/OT, sometimes physical/personal. I can find a policy, a pentest, or a bulletproof vest that suits your needs.
I mostly write like I prefer my coffee - dark, bitter, scalding.
https://justmytoots.com/@subm3rge@infosec.exchange