3/ Put it another way, the CEO has already decided their reasons weren't good enough, so that when you make the same arguments, they'll decide your arguments aren't good enough.
4/ Among the many failed arguments are those claiming "we just need a little bit more". You haven't done a rational analysis of how much budget you need, you've done an irrational analysis of "whatever that is, we need more".
5/ Everyone thinks there's a slush fund sitting around, money that's not being used, and wants that.
In fact, it's all being used. To give you more money means taking away money from another department -- a department using the same arguments as you for why they need more.
6/ This desire for infinite budget warps our thinking. Take "defense in depth". In military strategy, it means removing forces from the perimeter toward the center. In cybersecurity, it doesn't mean removing protections from the perimeter, but only adding more.
7/ What you haven't done is a rational analysis of how to spend the budget you are given. Is your department spending money the optimal way? You can't answer that and yet you want more.
8/ How do you know that this extra chunk of money can't be better spent on more marketing? Better HR benefits package? Upgrading the offices? etc. That's what the CEO has to decide and you provide ZERO information to help them.
9/ "But if we spend $10 now we can save $100 later". You lie. You don't know that. It's the same lie everybody tells the CEO. They are very good at spotting such lies. That money must come from some other department who made the same claim.
10/ The trick to getting a bigger budget is to spend that time with the CEO explaining how you want to address ransomware within the current budget, like not renewing AV licenses to use that money to move to a tiered domain model.
11/ It builds trust. It communicates you actually have a serious plan for addressing ransomware and that you aren't using it as an excuse to increase your budget.
FYI: "audit" logs and "forensics" logs are different beasts.
Traditionally, an "audit" is when the auditor is trying to confirm something specific, like whether your numbers add up or you correctly followed procedures.
A "forensics" investigation is open-ended, indeterminate.
An audit starts with something that is known, such as reporting quarterly results, and seeks to confirm that they are actually true.
A forensics investigation starts with an unsolved crime, and hopes to maybe find out what happened, and half the time, comes to no conclusion.
They do overlap. Forensic auditors seek to find money that people try to hide off books or embezzle, for example. Before computer logs, I'm not sure if there was an important distinction.
One drive failed completely. Another reported recoverable SMART read errors, so it, too. Now a third is reporting recoverable SMART errors.
I think maybe it's time to replace all the drives. With bigger ones of course.
For the non technical:
NAS = server on my local network
RAID = extra ("redundant") drives so that if one fails, it can be replaced without losing data
SMART = a feature of modern disk drives that records events, from temperatures, how many hours it's been on, and various errors
"Errors" can be recoverable -- the read head repeatedly reads the chunk of data until it gets back a valid chunk. But when they start happening, it means unrecoverable errors are likely to start happening.
It's not technical experts evaluating products that put them in the Magic Quadrant. It's marketing experts evaluating marketing messages that put them in the Magic Quadrant.
Gartner's customers, those buying Magic Quadrant reports, aren't the techies in the trenches using them, but high-level management who'd prefer to listen to Gartner market analysts than their own techies.
I went to the eye doctor today. I shouted (well raised my voice slightly) "you aren't listening to me".
I finally got my eyes diagnosed in ways that should've been done when I was a kid. My eyes have many small problems that have been ignored forever.
I can see the same confirmation bias that I see in my own industry, where evidence is simply pigeon holed into what they already know, so there's terrible inertia if something doesn't quite fit an existing pigeon hole.
I have three separate problems but they are all minor. But they mean that whenever I get glasses, they don't help much, which is why I don't wear glasses.
You've seen "no trespassing" signs like this one.
Prosecutor: did you see the sign?
Trespasser: yes, but the fence was so easy to climb over it posed no barrier
Prosecutor: but did you see the sign?
Trespasser: yes
Prosecutor: so you knew you were trespassing?
Trespasser: yes
Computer trespass works the same way:
Hacker: yes, but base64 isn't serious encryption and easily bypassed
Prosecutor: but you knew you weren't authorized to see that social-security number?
Hacker: yes, but...
Prosecutor: so you knew you were trespassing?
Hacker: yes, but
A governor of a state sent the police to harass a journalist who exposed embarrassing information. I'm not sure how that's not "pile-on" worthy. You don't need any technical knowledge to understand why this is a problem.
What techies understand is how when a website publishes something in a webpage, it's their fault for doing so, and that obfuscating it, requiring extra steps to "decode", is not protection, and bypassing obfuscation is not a crime.
You untechies may be confused about this, but it's a principle techies have understood since the 1880s ("Kerckhoffs's Principle"). This is not a typo. I didn't mean we've known since the 1980s, I mean it's a principle of the 1880s.