Compliance: “You must encrypt these fields to be in
compliance with standards.”
User: "Compliance says that these fields need to be encrypted. I'll put in a ticket."
Auditor: “We've discussed this with compliance. Our recommendation to the Board is that these
fields are encrypted in the next quarter”
Test Lead: “Encrypting these fields will break all of our
test cases and need months of rewrite.”
VP of Sales: “We’ll have months of new revenue delayed.”
CFO: “I’m not going to the Board to report a delay in
revenue”
Virtual CISO: “Security should be built in and not sprayed
on.”
DevOps Lead: "Security always breaks stuff."
CIO: "I’m hearing that
security wants to break things? Why does security want to break things?"
Operations Lead: “Nothing better break, I have uptime
to keep.”
Security Engineer: “Hey, has anyone looked at
this ticket?”
Follow me on Twitter
for discussion and the latest blog updates: @Opinionatedsec1. Or, start your
own discussion using #crazygoodcyberteams on twitter or Linkedin and I'll read
it.
SEE ALSO
A Second Cyber Security Metaphor
No comments:
Post a Comment