This is an important point but I think it's worth calling out that mere experience is not sufficient. Companies like Experian and Solarwinds are "still here" despite historically having crap security, and I wouldn't put much trust in their security today, either. You need to have been an attractive target for a long time *and* have someone holding your feet to the fire, e.g. customers who care about security and are reasonably savvy.
Also... how much trust would you put in a young company founded by veterans from big tech and in a space where they know security breaches will hurt them, vs an older company with a less helpful cultural background and in a space where expectations are lower? I have to think "belief that customers or regulators will punish you for lapses" is an important factor, and while experience is also very important, it can somewhat reside in staff experiences predating the organization.
Well said! Exactly correct that selection for a property only works if not having it actually Kills you, I could have been more clear about that in the post.
Though in the post I was trying to talk primarily about what makes us *think* an organization has that property, whether or not they actually have it.
This is an important point but I think it's worth calling out that mere experience is not sufficient. Companies like Experian and Solarwinds are "still here" despite historically having crap security, and I wouldn't put much trust in their security today, either. You need to have been an attractive target for a long time *and* have someone holding your feet to the fire, e.g. customers who care about security and are reasonably savvy.
Also... how much trust would you put in a young company founded by veterans from big tech and in a space where they know security breaches will hurt them, vs an older company with a less helpful cultural background and in a space where expectations are lower? I have to think "belief that customers or regulators will punish you for lapses" is an important factor, and while experience is also very important, it can somewhat reside in staff experiences predating the organization.
Well said! Exactly correct that selection for a property only works if not having it actually Kills you, I could have been more clear about that in the post.
Though in the post I was trying to talk primarily about what makes us *think* an organization has that property, whether or not they actually have it.
> am told i shouldn't seek out and read something
> immediately skip article to read it
> its too long
> finish this article, then old one out of amusement for finding it
> realize connor predicted this and tricked me, well played sir
You're too predictable, atilla