Mario Platt
CISO @broadlightinfo, Security Consulting Practice Lead - Infosec meets Safety and Resilience Eng, DevSecOps, Wardley Map, Sec Strategy 🇵🇹 🇬🇧 (he/him)
Jan 26, 2022 · 16 tweets · 3 min read
On professionalisation of the UK Cyber Security

I've now contributed my thoughts, and there's 1 particular aspect that should be a consideration for unintended consequences if it's to go ahead as described

Is the bulk of "security work" a specialism in organisations? 🧵 With the advent of DevOps and the related paradigm shift, a significant amount of "security work" is performed by "non-specialists", which is supported by specialists as and when required, with a view to embedding practices in teams which are NOT security (Platform, Development, etc.)
Feb 13, 2021 · 17 tweets · 3 min read
Compliance is fundamentally at odds with innovation and continuous improvement

Compliance tends to constrain operations to narrow sets of approved sequences of tasks as the means to assure the secure attainment of certain business outcomes. But at what cost?

🧵 Operational practices have an emergent nature to them. They’re affected by people, their expertise, their relationships, their team goals, role perceptions and also member needs as humans and professionals.
In this entangled mess of variables, aspects of practice-as-done are
Feb 9, 2021 · 16 tweets · 4 min read
2 different frames or metaphors for #CyberSecurity

Security as a Quality Management issue, thus a problem of robustness

Security as a Safety issue, thus a problem of resilience

They’re fundamentally different, and may even be at odds, but how?

🧵 A Quality Management metaphor leads us down elements of testing, predictability and reliability in that we aim to be effective at dealing with predicted threats which represent a finite configuration of what our industries expect. We aim for “maintaining process integrity inside
Feb 6, 2021 · 12 tweets · 4 min read
I’m thinking (maybe wrongly) that we, in #InfoSec, are still largely attached to the language of “People, process and technology” in how we design security practices.

I don’t think that’s the best lens to look at the Sociotechnical systems we wish to influence. Here’s why:

🧵 “People, process and technology” has built into it a mechanistic decomposition of what a security practice entails. It transpires as an analytical approach, in that we “tear it apart, study its parts and then build it back up”.

There’s nothing inherently wrong with analysis but