@gsuberland Unfortunately, discourse about cyber security has been dominated by APTs, and we end up in this weird situation where companies are investing serious money in SIEM/SOAR but don't have an effective JML process.
@tryst preaching to the choir there.
"we have AV, EDR, DLP, NIDS, 2FA & identity management, a secure gateway for remote work, a SIEM platform, and we're in the process of contracting a 24/7 managed SOC"
"okay can you give me access to a list of all your assets?"
"... uh, hmm, that would be very hard, we don't really have one"
@tryst I got out of pentesting 5 years ago and switched to research, and I'm much happier for it. I still do some customer work but it's almost all weird stuff that nobody else is sure how to tackle.