Working in security I spend a fair amount of time reviewing and looking at work other people do. Turns out when you do that for 10 years, eventually people start seeing you like this:

While some of the things I have seen make [2] me feel that way, the reality is that I have tried to spend most of my career helping people to try to do things better, not to stop them doing new and cool things.

I have lost count of the number of times someone has said in a meeting “We can’t do that, security won’t let us!” with me sitting right there! Ok, fair enough, sometimes it’s true, but most of the time we are really trying to say “Not like that!”. You need a remote access solution? Sure, but let’s put that RDP service behind a VPN. Need to install a new, untested web service on our domain? Ok, but why don’t we do some testing and maybe some fuzzing on it first. You want to ship all of our employee data to that 3rd party? Let’s have a chat with them first so that we can make sure their security practices are reasonable.

If I am talking to you about a security issue and you think I just said “No”, make sure you listen to the rest of the “t like that!” because I am probably trying to help you[1]!

[1] The exception to the rule is if you are talking about PHP or Perl. Then I mean no.

[2] Circa 2016, I started to come around on WordPress, as the automatic update features and PHP’s overall maturity started to improve.
