Chad Loder ❇️ @chadloder
This is the best thing on Twitter this morning. I see too many security products trying to *replace* human-to-human interaction - there’s a good chunk of security and privacy that’s about *people*.

Let’s make more products which help people STOP, collaborate, and listen 😝
Forgetting about the “people” part of security is why we’ve heard “GRC is dead” for the last 10 years. We’re on “GRC 4.0” now and it *still* sucks.

GRC tools like Archer are designed for Process and Technology but forget about the poor People who have to use that dumpster fire.
We still have new vendors trying to design single-pane-of-glass “CISO dashboards”, meanwhile *very* few security companies are truly focused on people (not just security people) inside of organizations.

@duosec is one of the few companies who has focused on people. @habitu8 too
I get really skeptical of machine learning / AI-based security products that promise to take the place of people talking to and collaborating with other people.

Security tech *could* be facilitating meaningful human interaction at scale, rather than trying to replace it.
Frankly I think the trend in #security tech of “making humans obsolete” has more to do with the fact that too many #infosec ppl believe “Security would be perfect — if we could just get rid of people and their messiness”.

Security is FOR people.
You can’t abstract people out of the #security equation.

I know many technologists would prefer not to deal with the messiness of humans, especially empowered humans who are allowed to think for themselves and make decisions.

That’s a really dystopian vision.
#infosec tried for 20yrs to use enforcement rather than education to keep people from making mistakes. Removing choice, blocking everything - it’s all stick and no carrot.

Finally, #infosec has no sticks left to use to control users. We only have carrots. Now what?
With BYOD, “Shadow IT”, remote workforce - #infosec has run out of sticks and has to rely on carrots.

Frankly it’s about time.
I mean, Marcus Ranum literally called “Educating users” the 5th dumbest idea in computer security in 2005.

I’d argue we haven’t really tried. And I’d also argue we no longer have a choice.