Відео

I met Daniel at conference last week. This is a very good overview of ADR and how it fits into the cybersecurity architecture.

Thanks Chris & Resilient Cyber team for having Omkhar on the channel. Excited to see where openSSF goes with his recent retirement.

You know why army recruitment is failing? no one wants to work for a woke/dei army. you know why marines aren't failing? because they are tougher/more hard ass and that's what the people want. Get rid of dei/trans ppl in the army/get rid of soft drill sergeants/bring back the shark attack in bootcamp/make a better tougher recruitment ad and I guarantee you you'll have no problem with recruitment

😒 Promo>SM

Great session. I hear "Compliance Vs Security" complaints almost daily. Common examples: Requiring Password Complexity Vs MFA and pass-phrases and Requiring FIPS 140-2 ("UL Listed") Encryption Vs Almost any encryption from this decade. The fact is that elements of a prescriptive standard are likely to be out of date the day it's published. So if you know how to re-stack controls to achieve security goals, the compliance can hinder security. So as part of the "1%" I think I and my colleagues are justified in complaining. But I also agree that this is not a reason to abandon standards, nor an argument to not follow them. My hope is that auditors are well-versed enough in the controls that they recognize that the real goal is effective security and not compliance. Compliance is a tool, not a goal. I agree with most of what you said and I learned a lot too! Thanks to you both for getting this "out there". I liked the cooking metaphor except that I think it's OK to make substitutions in cooking, just like you use compensating controls in security. Bomba rice and Saffron might not be available to me, but I think I still deserve Paella every now and then!

Thanks, interesting conversation!

'Next Phase' internet?

Wow, a field of expertise I am very experienced with. Who'd a thunk!

I'm listening per recommendation of Ezra.

"PromoSM"

😢 ρгό𝔪σŞｍ