Anybody else working on the 2025 budget?
It means they will buy whatever security product the supplier who gives them the best night out recommends. Have it deployed on everything with the most basic configuration by someone who’s never used it before and then call it a day.
Bonus points if it causes WAN and internet circuit problems because it’s shitting out logs or constantly downloading updates to 1000+ endpoints.
“Security” as in securing just enough of a budget to pass our audits.
The master lock version of security. There is a lock on it so it ticks the box for insurance but a strong fart is enough to break the lock.
no joke, the Masterlock 175 combo padlock secures about 75% of Australian telecommunications facilities.
You are using a Masterlock 176. It can be opened with a Masterlock 176.
The secret is cyber insurance. Your rates go down when you have effective controls.
Anybody work for boeing?
No budget, only security.
Me saying words doesn’t mean I actually mean them.
-every CEO in the history of the world
Just ask the padawans they are basically unpaid interns…
…actually, nevermind on those we got other plans
Working on 2025 budget. Travel? No. Headcount? No. Career path and progression for the larger team? Take a guess. Yeah.
Quality falls under this meme, too. My job is quality, so why do they have me doing this completely unrelated job that takes up half my time?
QA, saftety, data protection, customer support … this meme can be applied to many aspects of a company that don’t generate revenue.
This is outrageous and unfair.
How can you say security is your top priority without allocating the budget for it?
This is very unnatural and an unusual state of affairs
Today, I want to talk about something critical to our company’s future: prioritizing security above all else. - Satya Nadella, Chairman and CEO of Microsoft
I don’t work for Microsoft, but it is hard for me to belive that security is really the top priority. And this is what my meme is about.
I think it was taken seriously for a while. Gates did it similarly with the trustworthy computing initiative, as well, but they’re all so hell bent of profits that it’s only a matter of time before the directive erodes.
I guess this is where regulation steps in (changing analogies and thinking about HIPAA and so on)