I’ve been thinking hard lately about how to do anti-intrusion well, so I put this post together. What you see here is basically a PPT I sketched out this morning — throwing out ideas to get the conversation going. This is also what I think it takes to do enterprise security right.
Feels like I’ve finally broken through a bottleneck I’ve been stuck at (maybe?), which means I’ll probably hit a new one pretty soon. On a side note, I want to coin a new term: “Massive Security.” Note — not “Chaos Security.” Not quite sure “Massive Security” is the perfect fit either, but I’ll sit on it and figure it out later.
update 20190515:
Had a chat with 小飞侠 last night. When I said “output centered on the product” in the slides, I wasn’t talking about security products — I meant delivering security capabilities around the business product. Should’ve made that clearer. We also got into management models: goal-driven approaches, KPI, OKR, SMART, 6 Sigma. Honestly, I learn something new every time I talk with 小飞侠, haha — appreciate it. (There’s also content security and IoT security that didn’t make it into the slides, both probably worth including, though it depends on what you’re focused on.)