@gsuberland My opening question is always "What's your threat model?" because that tends to put things in perspective.
@tryst literally the best question anyone can ask when it comes to security. figure out your security model, act accordingly, keep your eye on the things that matter, and don't waste time (and money!) with unnecessary security maximalism.
@gsuberland Unfortunately, discourse about cyber security has been dominated by APTs, and we end up in this weird situation where companies are investing serious money in SIEM/SOAR but don't have an effective JML process.
@tryst preaching to the choir there.
"we have AV, EDR, DLP, NIDS, 2FA & identity management, a secure gateway for remote work, a SIEM platform, and we're in the process of contracting a 24/7 managed SOC"
"okay can you give me access to a list of all your assets?"
"... uh, hmm, that would be very hard, we don't really have one"
@tryst I got out of pentesting 5 years ago and switched to research, and I'm much happier for it. I still do some customer work but it's almost all weird stuff that nobody else is sure how to tackle.