sͧb̴ͫƸ̴gͬᵉ
@subm3rge@infosec.exchange

All too often cowardly #management forces the #CISO, or any available #infosec practitioner really, to be the ”bad person” who says ”No”.

I like to think people are smart, and possible to educate. I make sure those who need, have heard anything really important at least six (6) times - I stay on message.

So, when an exec, line manager, product owner, or even an IC in a team suggests doing something blatantly insecure, that looks cool and gives the org a sugar rush, I know for a fact that they aren’t naïve, uneducated or unaware of the security issues.

They are cowards. They want all the accolades of suggesting cool sugar, but none of the responsibility for consequences of saying ”No”. They punt that to #security.

It’s fucking exhausting being the grownup.