If information-security professionals want to get the sustained attention of senior management, they may need to add a new app to their security toolkit: Microsoft Excel.
That suggestion came from renowned security researcher Peiter Zatko, who has been in mainstream-news headlines in recent months for his disclosure of what he called systemic security problems at Twitter. But he’s been in tech-news headlines for decades prior to his turn as Twitter’s security chief.
Speaking at the tech-news site CyberScoop’s CyberTalks conference in Washington, D.C., Zatko, also known by the handle “Mudge” he adopted as a founding member of the L0pht Heavy Industries hacker collective in the 1980s, urged attendees to stop treating security as some realm of myth or folklore that can’t be measured like any other operating expense.
Zatko told his onstage interviewer, CyberScoop editor-in-chief Mike Farrell, that infosec professionals do themselves no favors by encouraging management to see the field as “some unquantifiable, scary environment” that requires knee-jerk decisions.
That’s especially true in the C-suite, where Zatko said awareness of security’s importance has advanced the least, and where many IT departments attempt to secure funding through fear, a sales pitch he characterized as “we can't quantify it, and we need a large budget.”
Zatko’s take on that proposition: “That's BS.”
He recounted a director’s comeback to that budgeting pitch from his stint at the federal...