this post was submitted on 05 Jan 2024
169 points (99.4% liked)

Technology

58092 readers
2941 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 1 year ago
MODERATORS
L3s@lemmy.world
enu@lemm.ee
fry@fry.gs
L3s@fry.gs
enu@lemmy.world
L4s@fry.gs
L4s@lemmy.world
169
Law firm that handles data breaches was hit by data breach | TechCrunch (techcrunch.com)
submitted 8 months ago by fne8w2ah@lemmy.world to c/technology@lemmy.world
5 comments fedilink hide all child comments
 

The irony.

you are viewing a single comment's thread
view the rest of the comments
[–] theluddite@lemmy.ml 8 points 8 months ago (1 children)

I remember when I realized that the lawyers had taken over cybersecurity. It was 2018. I was in a meeting, looked around, and realized that I was the only person in the room who codes or has ever coded, and also the only person without formal certifications in security. 5 years earlier, security teams were full of people from all walks of life, who often got into security from (let's call it) "practical" experience.

[–] remotelove@lemmy.ca 6 points 8 months ago (1 children)

Thankfully, that really depends on the org. I started in security before "security engineer" was a thing. It was different times, for sure. When the 2008 housing bubble popped, banks started the trend of splitting out engineering roles from the newly formed risk and governance groups. This eventually morphed into what we have today: Security engineering teams and separate GRC/Legal teams.

I can't hate on compliance too much through. If ran correctly, tracking and auditing networks and processes is an extremely important thing to do.

I just learned both worlds over the years. At my age, I have the technical experience to hold my own and also the balls to push back on stupid compliance requirements to people very high up in organizations. (The trick is to not give a fuck about getting fired for speaking my mind.)

Sorry. Went on a bit of a tangent to say "I understand you completely." ;)

[–] theluddite@lemmy.ml 2 points 8 months ago

Haha, no worries, and totally agreed. I'm finding that more and more, not only is there no security engineering team, but the legal side of security has no concept of that whatsoever. They are the security team. Security, to them, is fundamentally a compliance process, which of course involves coordinating and working with the engineering team, but it isn't really a technical practice so much as a managerial and administrative one.