Options
Infosec: Ever ask why do I bother?
Chinook
Member Posts: 206
Any of you security consultant types ever ask "why do I bother?". It's like standing on a mountain top shouting down to the masses who just aren't listening? Simple things like the resistance to complex password because executives don't like it? The expectation users should have the right to install anything they want? Being told that network segmentation is too "complex" and too much work even if it might help control ransomware? Or how 2FA is just too much of an inconvenience? Or the 5000 other examples I could use....
And there is the "should I tell them about their vulnerabilities" or will I risk having Federal agents show up at my house wondering why I was able to find such a vulnerability?
Am I the only security orientated guy out there who feels this way? And knowing what I know about cyber security the thought of the Internet of Things makes me want to live in a cabin and grow my own food. #Yay for Tesla home batteries.
Or am I just insane?
And there is the "should I tell them about their vulnerabilities" or will I risk having Federal agents show up at my house wondering why I was able to find such a vulnerability?
Am I the only security orientated guy out there who feels this way? And knowing what I know about cyber security the thought of the Internet of Things makes me want to live in a cabin and grow my own food. #Yay for Tesla home batteries.
Or am I just insane?
Comments
-
Optionsrevbox
Member Posts: 90 ■■■□□□□□□□
I remember early on when I was a new site technician and having VPs visiting our building. I was paged to the conference room so I show up to assist the VP crowd get on the corporate network wifi even though there was a guide sitting on the table that details how for both employees and guests. I walk in and ask the few guys in the room to login to their laptops for me so I can help. Everyone immediately gets up and hands me a sticky note with their domain accounts and passwords scribbled on the paper. The VP in charge says, "Just get us on the network. We're going to smoke." It made baby Jesus cry. Our corporate domain accounts are what we use to manage our corporate identities, expense accounts, retirement, benefits, etc. It is rule number one of what not to do. I wish I could tell you that this was the only time that happened and the only executive level guys it happened with. I wish I could tell you that.
-
Optionstmtex
Member Posts: 326 ■■■□□□□□□□
Yes been there many times. The VP signs off on some procedure and if sally the employee want to violate that policy she isn't allowed to but when Ms. VP wants to its "who do I call to get this done!!!" unlock it NOW !! Do you know who I am ! And yes upper mgmt. says let her do it.
So yes you sit back and go why do they even have these policies for??