So, I teach info security and IT governance certification courses.
And I have endured many years, it feels like many lifetimes, of “certifications don’t matter, just make a home lab!” and “compliance doesn’t equal security!” from people who get paid a shit ton more than I do.
And I just want to say, accountability for this in every organization that is affected lies with the board of directors. Period. You cannot outsource accountability. There will be lawsuits. And downstream impacts.
So, you’re right. Certifications and compliance don’t equal security. But today it sure as hell seems like having a management team and BoD that can’t just say, “I had no idea automation was so risky and we needed security staff to evaluate releases” is a better option than “Fire the security staff, automate the hell out of everything, and don’t bother me until I’m back from my golf vacation.” Followed by the exhausted techs shrugging their shoulders, saluting the boss, screaming “YOLO” and hitting enter.
Posted by graymattergrcltd@infosec.exchange