So, I was trying to summarize my thoughts on why THREAT #DETECTION is hard (1/m)
Naturally, first a quip on "well, the attackers don't want to be detected" came to my mind ... (2/m)
Well, except for ransomware after they are ready ... (3/m)
What else? PEOPLE. Today (and probably forever ... until #AGI?), well-done threat detection must involve people and for many security programs, well, "people are hard" (4/m)
What else? I have this as my draft slide. Got more ideas? (5/m with ... duh ... m=5) :-)
• • •
Why can't we have "blameless post-mortems" in security? #question
To me, however, this does NOT mean that gross incompetence should not be found, blamed and punished. Just that the post-mortem analysis process needs to be run blamelessly (am I off here?)
BTW (and please correct me if I am off here), I trace the origin of "blameless postmortem" concept to this: landing.google.com/sre/sre-book/c…