@itisiboller@infosec.exchange
@krypt3ia@infosec.exchange I do see a move away from any RealSecurity™
and a move towards check-mark compliance, potentially even accelerated by all the regulatory compliance requirements. While said requirements COULD have been used to improve security posture, they are effectively starving effective measures (and thereby current best practices), further increasing security poverty.
"Compliance-sizing: the act of replacing highly skilled and educated cyber security professionals with auditors.
…Or just overwhelming said professionals with sheer amounts of useless “controls” developed by people with no real understanding of how Threat Actors operate"
@CDubbs@infosec.exchange
@itisiboller@infosec.exchange @krypt3ia@infosec.exchange One way I try to wrangle this is I challenge my GRC colleagues to reflect on the question:
"What have I done today to make a threat actor's job more difficult?"