a bad outlook

I strongly believe in the importance of approaching security from both a proactive and pragmatic perspective. Compliance and policy focused security, while it may promote the enforcement of some valuable controls, tends to stagnate and create a bloated security program that is fraught with misprioritisation. Too often it leads security teams to be so caught up in working from checklists that they overlook threats that are unique to their organisation. This begs the question; how does one go about adopting an approach that addresses these shortcomings?


Continue reading “a bad outlook”