Idk no shade to anyone but it’s so interesting how something happens and we’re all like “DO THE BASICS” but man when you’ve worked IT Ops & sys admin at large orgs (not vendor), and have to work with and alongside many tech teams, simple basics turn into complex yr long projects

And don’t get me started on the politics.

Even something like “enable MFA for everyone” can turn into a political battle among many battles esp if C-Suite hates the idea.

Or like identifying app ownership across IT & the business can ruffle enough feathers https://abs.twimg.com/emoji/v2/... draggable="false" alt="🤦🏽‍♀️" title="Frau schlägt sich die Hand vors Gesicht (mittlerer Hautton)" aria-label="Emoji: Frau schlägt sich die Hand vors Gesicht (mittlerer Hautton)">

Even deploying an updated OS or new devices is a mission/takes so much coordination, buy-in, comms, sign-off ++ THE BASICS ARE HARD and if your InfoSec Leadership is scared of fighting them battles then https://abs.twimg.com/emoji/v2/... draggable="false" alt="🤷🏽‍♀️" title="Achselzuckende Frau (mittlerer Hautton)" aria-label="Emoji: Achselzuckende Frau (mittlerer Hautton)">

I hate that we make it sound so simple.

It’s not as simple.

Shout out to IT folks, sys admins, in-house InfoSec folks who want to do it all but don’t have the internal support or funding and can only do the best they can.

I know it’s not as east as a simple tweet. I see you