Defending Assets You Don’t Know About

  • If your outbound rules are default-deny, you can still catch a compromised device, even if you don’t know how it got there.
  • If your developers are all trained to build on default images, your hardening and logging guidance might be followed, even if they deploy using the wrong AWS token.
  • Whole-company phishing reminders don’t target an individual user, but they might prompt a user to take a preventative action even if HR forgot to give them their individual new-hire security training.

Use Categorization to Find Your Internal Paths

How do I categorize?

Know What Matters and Forget the Rest

You’ve Got Too Many Bugs to Fix Them

There Will Always Be Unknowns


