The longer I work in InfoSec, the more strongly convinced I am that security people need to be deeply embedded in the day-to-day workings of their organization: not to interject friction at every point, but to understand how the business works and what the priorities are.
Many InfoSec people mistakenly believe their job is to pitch security "advice" at the business from outside, which is just actively harmful in many ways.

There is no "right" way to do things. There are safer ways to do the things you're doing.
And most importantly, what you choose to do from a security standpoint should align with focus areas and competency of your organization. Where can you get a lot of "bang for the buck," where can you utilize existing skills and resources the organization has?
You can follow @chort0.