
professionals!

Any tips on how to better communicate that system maintenance (incl. patching) needs to cover ALL devices on the network?

@seb A fire in the kitchen puts the whole house in danger.

@seb If only one device on the network is vulnerable, your whole set of security countermeasures can be compromised. Think of it like a water pipe, which should not have any holes in it. It's one of the few things where an 80/20 approach is not going to work out for you. People in the right positions need to realize that weak security can lead to the end of a business.

@seb Just patching _some_ devices is like trying to fix a tire by only fixing _some_ of the holes ;)

@seb
This is precisely what the "Shift Left" principle attempts to address (devopedia.org/shift-left).

Or in the words of the late, great John McAfee,

"Anything that produces domain software should have a 50/50% split between Software Engineers and the domain expert." (paraphrased).

In practice this means baking security testing into CI/CD.

@seb This isn't "How many rotten apples do you want in your barrel?" but "how many murderous zombie plague rats do you want hiding in your house while you sleep?" ;-)

@seb let me put it this way: I would be amazed if you know all devices on your network. (It's possible but very rare that asset management is that good.)

Regarding the communication, maybe talk about spring cleaning :) fits the time of the year.
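The point above, that patching only covers what your inventory knows about, can be made concrete with a small coverage check. The following is an added example, not code from the thread: it joins hosts observed on the network (here an ARP-table dump in Linux `arp -an` format) against a CSV export from a patch-management tool, and reports which observed devices the tool has never touched, which it manages but has not patched recently, and which it cannot even identify. The CSV columns, the staleness cut-off date and all sample data are assumed and constructed for illustration.

```python
"""Patch-coverage gap check (added example, not from the original thread).

Joins hosts seen on the wire against a patch-management inventory by MAC
address and lists the devices that the patching process does not cover.
Input formats and the sample data below are assumed and constructed.
"""
import csv
import io
import re
from dataclasses import dataclass, field

# Constructed sample: `arp -an`-style output from a Linux host on the segment.
ARP_DUMP = """\
? (10.0.1.1) at 00:11:22:33:44:01 [ether] on eth0
? (10.0.1.10) at 00:11:22:33:44:10 [ether] on eth0
? (10.0.1.11) at 00:11:22:33:44:11 [ether] on eth0
? (10.0.1.23) at 00:11:22:33:44:23 [ether] on eth0
? (10.0.1.50) at 00:11:22:33:44:50 [ether] on eth0
? (10.0.1.77) at <incomplete> on eth0
"""

# Constructed sample: CSV export from a hypothetical patch-management tool.
PATCH_INVENTORY_CSV = """\
hostname,mac,last_patched
fileserver01,00:11:22:33:44:10,2024-03-02
workstation-23,00:11:22:33:44:23,2024-02-28
workstation-11,00:11:22:33:44:11,2023-09-15
"""

ARP_LINE_RE = re.compile(
    r"\((?P<ip>\d+(?:\.\d+){3})\) at (?P<mac>[0-9a-f:]{17}|<incomplete>)", re.I
)


def parse_arp(text):
    """Return ({mac: ip} for resolved entries, [ip] for entries with no MAC)."""
    resolved, unresolved = {}, []
    for line in text.splitlines():
        m = ARP_LINE_RE.search(line)
        if not m:
            continue
        if m["mac"].lower() == "<incomplete>":
            unresolved.append(m["ip"])  # seen on the wire but never answered ARP
        else:
            resolved[m["mac"].lower()] = m["ip"]
    return resolved, unresolved


def parse_inventory(text):
    """Return {mac: row} from the patch tool's CSV export; MAC is the join key."""
    return {row["mac"].strip().lower(): row for row in csv.DictReader(io.StringIO(text))}


@dataclass
class CoverageReport:
    managed: list = field(default_factory=list)       # observed and in the tool
    unmanaged: list = field(default_factory=list)     # observed, unknown to the tool
    stale: list = field(default_factory=list)         # managed but patched before cut-off
    unidentified: list = field(default_factory=list)  # observed, no MAC resolved

    @property
    def coverage(self):
        """Fraction of observed hosts the tool manages; unidentified hosts count
        against coverage, because a device you cannot identify is not patched."""
        total = len(self.managed) + len(self.unmanaged) + len(self.unidentified)
        return len(self.managed) / total if total else 0.0


def coverage_gap(arp_text, inventory_csv, stale_before="2024-01-01"):
    """Compare observed hosts with the patch inventory and classify each one."""
    observed, unidentified = parse_arp(arp_text)
    inventory = parse_inventory(inventory_csv)
    report = CoverageReport(unidentified=sorted(unidentified))
    for mac, ip in sorted(observed.items(), key=lambda kv: kv[1]):
        row = inventory.get(mac)
        if row is None:
            report.unmanaged.append(ip)
            continue
        report.managed.append(ip)
        # ISO-8601 dates (YYYY-MM-DD) compare correctly as plain strings.
        if row["last_patched"] < stale_before:
            report.stale.append(row["hostname"])
    return report


if __name__ == "__main__":
    r = coverage_gap(ARP_DUMP, PATCH_INVENTORY_CSV)
    print(f"patch coverage: {r.coverage:.0%} of observed hosts")
    print("unmanaged (tool has never patched them):", r.unmanaged)
    print("managed but stale:", r.stale)
    print("seen but unidentified (no MAC resolved):", r.unidentified)
```

An ARP table is a local and partial view (it only lists neighbours the observing host has recently exchanged frames with), so the real number of unmanaged devices is at least what this reports. That is usually the number worth putting in front of management: not "we patch 80% of the estate" but "these specific hosts are on our network and nothing patches them".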

@seb

Hello together,

It's time for some spring cleaning. In industrial production complexes, places that collect too much dust can cause dust explosions if there is an open fire.

Similarly, unpatched devices on a network can cause a lot of harm to others. Therefore, the same way you take care of workplace safety, please take care of network security by installing security updates.

If you have any questions, feel free to contact me/us at something@…

@seb that would be an example. The wording is still a bit off.

You might also throw in some appropriate links: youtube.com/watch?v=70fZqHsEdM

youtube.com/watch?v=Tt5q6gnZVs

Then see what happens 🤷

IOC.exchange

INDICATORS OF COMPROMISE (IOC)
InfoSec Community within the Fediverse. Newbies, experts, gurus - Everyone is Welcome! Instance is supposed to be fast and secure.

We have a Getting Started Guide here: https://ioc.wiki/mastodon

HAVE FUN and STAY SAFE!