I went from an environment where I had built and controlled everything going back 10 years, to an Enterprise where I have a tiny slice of direct control, but Security purview over everything.

This shit is fucking hard beyond anything I anticipated, and none of it is technical.
Everything I learned and became working in a small/medium org directly relates to the Enterprise on a technical level. In fact, I have lots of tiny insights.

If you’re concerned about skills, have absolutely no shame or reticence about the size of your employer. Same battlefield.
Everybody runs Windows 10, everybody uses Office 365, there’s never been LESS difference between a Fortune500 and a regional shower tile supplier.
The Fortune500 and the regional tile distributor both have access to 90% of the most important security controls in Win10/O365, except the Enterprise has to hedge against IT solutions it can’t closely engineer at the architect level, spending many millions on secondary controls.
Having many security solutions IS NOT THE GOAL. Buying layers of protection, hedging against areas you don’t have confidence in, ISN’T SOMETHING TO ADMIRE.

To an Enterprise, it’s mandatory. It’s the cost of doing business with massive human organizations and a million moving parts.
Absolutely in no way should you benchmark yourself against an Enterprise, which might as well be a Star Trek ship for how much it relates to how you should do things in IT security.

Focus on the fundamentals. The base guidance. They may seem hard for you, but it’s totally doable.
For many years I labored under this illusion – that nothing I did was good enough. I could never compete without the Expensive Tools in Airport Advertisement. A hopeless battle I fought anyway.

I lost so much time. So much of my life. Dreaming, if only I was somebody different.
You can follow @SwiftOnSecurity.