Re: Not as foolish as you think…
I used to work for a law firm, and yes it's exactly this.
9 publicly visible posts • joined 3 May 2018
'a demand for Amazon to deliver a list in 6 days of "all other companies that in the last 2 years have had their data pillaged while stored on AWS using both known and unknown vulnerabilities as well as misconfiguration".'
Never mind being an enormous task, it's also an impossible one. Why would AWS know about all client screwups that led to client data losses?
It's different when you're in-house, but if you're a consultancy or service provider I'd expect the employer to be funding certs because that helps them sell the staff, especially for things like 27001.
Also, I don't think I've worked anywhere in the last 15 years that wasn't willing to fund at least one cert a year, but I'm in the UK working for UK companies.
Why would anyone in cyber security stick with an employer that hasn't given them a raise in three years? Do they not know what the market looks like? Also, I'd be straight out the door if someone told me to pay for my own 27001 lead auditor cert.
Remember kids - you owe your employers about as much loyalty as they're going to give you. So you know, basically none.
Agreed - I really don't see why anyone would feel better about this software simply because the geographic location of the tin it's being compiled on has changed. As far as the software audit goes, I suppose the jury is out, but honestly, are they going to validate it on a daily basis such that they can authoritatively say that distributed binaries truly contain only the code validated? Honestly, Kaspersky are in a bit of a bind here, and I'm really not sure if there's a clear way out.
"I'd like to see more citations"
Alas, people don't write down everything they say. If you've really reached the point where you feel you can't trust news that appears in places like the FT and The Register without references then perhaps you should give up on news? (Apart from what you read on the sides of buses, clearly.)