I have often joked that my job as a security engineer is to serve as a sort of technical debt collector. Technical debt is a term that is used to describe the accumulation of technical decisions that, in hindsight, are suboptimal. In some cases, you may know that you’re making a decision that will accumulate technical debt, but in most cases you won’t know that a decision has debt attached until considerably longer down the line.| Digital Garden on dade
Offensive security people seem to spend a lot of time debating simulation vs emulation. Hot take: It doesn’t matter.| Digital Garden on dade
I can’t sit here and pretend to have the experience necessary to give prescriptive advice on how to build and run a successful Red Team function at your organization. While I’ve been an early hire for two red team functions at two different organizations, it has not yet been my responsibility to ensure the success of the function. However, being involved early, I was able to see first hand multiple things that threatened the function. Additionally, I’ve been involved in the broader red ...| dade