undefined | Better HN

0 pointsvladvasiliu1y ago0 comments

> Or maybe IT departments are always ran by clueless fools, who knows?

I think IT has its fair share of clueless fools, but what I've noticed is that when the "security department" is separate, people there tend to have no idea what they're talking about and rely on checklists. Plus, "everybody uses X, that means we're missing out".

0 comments

3 comments · 1 top-level

MaKey1y ago· 2 in thread

Corporate IT security seems to be mainly about checklists and compliance, not about actual security.

mrguyorama1y ago

There's no reason to do anything else. Nobody has gone to jail as of yet for not securing their company, and even "security" companies that get utterly popped still have plentiful business a year later.

There is no legal incentive to do good security. There is no market incentive to do good security. Why is it so surprising to people that we have abysmal security?

vladvasiliuOP1y ago

In my case, it's surprising because companies waste a ton of money buying snake oil and aggravating their users for next to no benefit. You'd expect companies that "only care about their bottom line" to optimize this away, yet they don't.

j / k navigate · click thread line to collapse