I've learned much of compliance/security is cargo culting and/or streetlight effect, if not radicalized.
You can debate the standards, just like you can debate with your retired uncle who watches way too much fox news.
The better solution is to find good enough solutions that let infosec teams check their boxes and move on to more important work.
I've learned much of compliance/security is cargo culting and/or streetlight effect, if not radicalized.
You can debate the standards, just like you can debate with your retired uncle who watches way too much fox news.
The better solution is to find good enough solutions that let infosec teams check their boxes and move on to more important work.