Tuesday, June 22, 2021

Trying to follow infosec advice

Inspired by an anecdote shared by Matthew Gracie.

Infosec rockstars like to share stories about the amazing things they do at the amazing organizations they work at. That's completely fine as long as you (and they) can keep in mind the second part of that statement. 

Unfortunately, if you can't (like most of us), it just serves to create unrealistic expectations. Those tall tales turn into advice that most can't follow because the support and/or resources just aren't there.

It's probably best to treat such stories as parables rather than prescriptive advice. See if you can find lessons you can use in them, but don't worry too much about trying to do exactly the same thing.