• Encrypt-Keeper@lemmy.world
    link
    fedilink
    English
    arrow-up
    9
    ·
    edit-2
    3 months ago

    It’s the type of confidence that comes with years of experience in IT security and compliance for global enterprises.

    • gencha@lemm.ee
      link
      fedilink
      English
      arrow-up
      1
      arrow-down
      11
      ·
      3 months ago

      Likewise :) Sad to learn you are one of those that act confidentially while being blind. I’m the guy that cleans up after you.

      • Encrypt-Keeper@lemmy.world
        link
        fedilink
        English
        arrow-up
        5
        arrow-down
        1
        ·
        edit-2
        3 months ago

        Oh no you don’t, not likewise. There’s zero chance you have any real world experience under your belt, that much you’ve made very clear. You’ve already let it slip that you’re just a consultant lol. A glorified salesman playing around in SMB land no doubt. At best, maybe an old fart who actually dipped his toes into IT generalism two decades ago before getting out of the game and into consulting? I know the type lol.

        It’s probably best if you were to stay in your lane and let the professionals worry about security.

        • sugar_in_your_tea@sh.itjust.works
          link
          fedilink
          English
          arrow-up
          5
          ·
          3 months ago

          Exactly. We use a VPN to connect to anything somewhat important, and anything truly important requires manual access and approvals. I’m in a pretty senior dev position, and if I lost my laptop:

          1. they’d have to break my password or biometric login (disk is encrypted) - with this they get access to most of our code, but no secrets
          2. they’d need to hack my phone to access any internal documentation or test environments due to 2FA
          3. they’d need to hack my password manager to access anything non-documentation - code repos, prod logs, etc
          4. they’d need to hack someone else’s machine to get access to actual prod data, which is probably what they really want

          And I’m not doing anything special here (and I’m certainly not a security professional), that’s everyone’s machines due to company policy. We also don’t handle anything particularly sensitive, the most sensitive thing I have is proprietary algorithms, and we’d sue anyone if we suspected they stole our code.

          Oh, and if they try to run something sus, it’ll send a report to our IT dept. I actually got contacted by our IT dept because I ran something unfamiliar (I really like my CLI tools), so they added an exception after personally verifying with me that it’s not a hack.

          We have teams across the globe, both inside the org and outside, and we haven’t had any issues with security, and we do regular audits. Our security team isn’t particularly special either, I’m sure many other companies have much tighter security than we do.

        • gencha@lemm.ee
          link
          fedilink
          English
          arrow-up
          1
          arrow-down
          1
          ·
          3 months ago

          I wish you knew how stupid you look for writing that

            • gencha@lemm.ee
              link
              fedilink
              English
              arrow-up
              1
              arrow-down
              1
              ·
              3 months ago

              I rather let it stand for the handful of people that need to know 95% of the room are challenged in their ability to evaluate the situation

              • Encrypt-Keeper@lemmy.world
                link
                fedilink
                English
                arrow-up
                1
                ·
                3 months ago

                You got public humiliation kink or something? No judgement lol.

                Thank goodness for the downvote system so your comments can be safely buried where they can’t misinform people.