(2019-01-10): risk management, corporate security culture, blue side, rants
[00:20:06] We have policies that are written by security for security that no one ever reads, let alone understands or adheres to. They're written like Ten Commandments: thou shalt not share thy password. Why not? They never explained why not or what the alternative is. [00:20:21]
The second episode of 2019 brought us Ed Tucker, with his fantastic, straight-to-the-point, tell-it-how-it-is Brummie personality, to speak about the ever-changing security landscape - or how some things just don't change. Details:
- stocking shelves -> pub support -> HMRC -> European CISO Of The Year;
- jumpstarting security at HMRC;
- security's problem: we assume the controls work, they don't;
- helping security startups;
- and the first edition of what is now known as the "Ed Tucker Rant";
plus questions from the audience, as always!
- [00:04:21] There is a little potted history with me that almost everyone I've ever worked for has gone bust, apart from Fujitsu and HMRC [00:04:29];
- [00:07:11] like most people my age, at some point in my life I tripped and fell into security, because it didn't exist as a career path [00:07:18];
- [00:20:41] we have all these various controls in place and most of them don't work; firewalls that effectively are there to heat your data center because no one's got a bloody clue what rules are on them [00:20:51];
- [00:57:57] Someone will always click that, always open it, or they'll reply or do something. It's almost inevitable. [00:58:02];
- [01:27:34] There was a great thread on Twitter not so long back about someone who was basically saying that if you weren't that ninja coder you were basically substandard infosec; it was like, fuck me, that's so wrong [01:27:48].