I’m in a reflective mood this week and it’s kind of wild to me that I’m known as a “provocateur” in #cybersecurity for takes like:

💡 don’t shame victims

💡 UX matters, a lot

💡 we should understand what we’re supposed to protect

💡 if someone clicking a thing on the thing-clicking machine leads to security failure, they are not the foolish one

💡 the best things a security program can invest in aren’t in the RSAC vendor hall

💡 maybe we should start actually proving outcomes??????????

¯\_(ツ)_/¯

@shortridge isn't the "no victim blaming" point the thinking that leads to everything requiring 2FA? Sure, some users will come up with bad passwords and get their accounts stolen. I'd rather blame them than require that every time I log into my GitHub account, I also have to pull out my phone in case some hacker wants to... star some repositories?
