Understanding Security Risk Level

Security risks are like having a hole in your shield: no matter the side, the hole is still there. You can raise your shields, but until you fix the hole, you are living under a false sense of security. IT folks enter risk conversations much like the blind men describing an elephant (https://en.wikipedia.org/wiki/Blind_men_and_an_elephant). Each person is trying to convince everyone else, and each one's statement is true to their perception but may be missing the overall perspective. A security professional is required to think through all stacks, layers, phases, control standards, and baselines. It is not optional. They may know the elephant, but they may not know its purpose and value! Add the daunting task of keeping up with rapidly evolving technologies and you have a very difficult task. How do we help all stakeholders get onto the same page and reduce risk due to ...
SaaS (Security as-if adding Salt) haha

Security is like salt. You need to add it at the right time, add just the right amount, and keep in mind the health/dietary needs. One can't really learn the art of salt unless one cooks, and eats what they cooked! So here you go! My view of learning Security as-if learning the art of salting. What does this paradigm mean for, say, learning a SaaS Cloud Platform? Well, it means: go ahead, get, say, a trial Office 365 subscription *, set up the defaults, then start securing it, or as security people say, harden it. It escapes me as to why it is still called hardening; it feels like it is neither Agile nor DevSecopsy**, so let's say hardening is like a callus that a pro player develops. Anyway, unless one sets up a user, one will not experience the skipped/skimped password settings, and next, unless one assigns a role**, one will not experience membership management issues. So, go ahead, create a fe...