All good mate! There are some specifics I don't (and don't think I can) get into, but big picture, a lot of the core best practices in configuration management and security do work; the issue is whether you are able to hire people who can actually implement and understand WHY those practices are in place and how to iterate if said practices don't work. Most organizations across the globe have barely gotten a handle on ACLs and Security Groups, but evangelizing best practices for Endpoint Security, Cloud Security, OT Security, etc. will take another 10-20 years simply because of inertia and the common sentiment that IT is a cost center.
Random think tanks doing thought leadership on CNN or at Brookings will jack themselves off to the notion of "online warfare" and whatnot, but those guys can barely type, let alone write cohesive policy.
I've been on both sides of this - both in the policy making world and in the private sector tech world - and cases like Oakland keep happening on a daily basis everywhere and will keep happening forever.