// , βIt is not so important to be serious as it is to be serious about the important things. The monkey wears an expression of seriousness... but the monkey is serious because he itches."(No/No)
I have lived this. And I'm still trying to get myself dishonorably discharged from the tools brigade.
Gotta critique you on this, though:
Identify who your threat actors are, at work we use the following classifications
It's hard to get across how low, really low, the confidence should be in those identifications, which I've rarely seen based on much beyond past history, the results of garden variety monitoring tools, and intuition. I'm speaking from bitter personal experience here, and from my on and off reading of Hubbard and Seiersen.
30+ years of tech, retired from an identity intelligence company, now part-time with an insurance broker.
Dev community mod - mostly light gardening & weeding out spam :)
Good point on how fuzzy/loose actor classification is - there is a vast array of motivations and personalities out there that this very crude slicing cannot reflect. I find it's a useful process to categorise your own assets though, asking 'who would be interested in this, and why'?
I have more recently started to consider if this 'outside -> in' approach is always appropriate, as there are other 'inside -> out' approaches that start with what we know about our own systems and their weaknesses, then consider if it's worth mitigating those, rather than the attackers view.
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
I have lived this. And I'm still trying to get myself dishonorably discharged from the tools brigade.
Gotta critique you on this, though:
It's hard to get across how low, really low, the confidence should be in those identifications, which I've rarely seen based on much beyond past history, the results of garden variety monitoring tools, and intuition. I'm speaking from bitter personal experience here, and from my on and off reading of Hubbard and Seiersen.
Good point on how fuzzy/loose actor classification is - there is a vast array of motivations and personalities out there that this very crude slicing cannot reflect. I find it's a useful process to categorise your own assets though, asking 'who would be interested in this, and why'?
I have more recently started to consider if this 'outside -> in' approach is always appropriate, as there are other 'inside -> out' approaches that start with what we know about our own systems and their weaknesses, then consider if it's worth mitigating those, rather than the attackers view.