Insider threat is more nuanced than yes/no to monitoring
As someone who’s worked on dedicated insider threat teams for large organisations before, I’ve got mixed feelings on this article.
Justin really should have included some details around scope of user event logging and what he considers excessive rather than keeping it intentionally vague. Logging of user activity is a fundamental part of maintaining the security of your environment, and the devil is in the details when it comes to “too far” which the article sadly lacks. It’s a far cry from logging workstation activity, and DLP events, compared to always-on microphone and webcam tracking software. Employees deserve privacy and respect, which means conversations about the scope of corporate device monitoring are sorely needed which can break the issue down, not articles which broad-brush it as “monitoring can feel like bullying so let’s not do it”. That’s not how you deal with risk.
Normally love your work Justin, but this isn’t quite it.