What sucks in security? Research findings from 50+ security leaders
I interviewed 57 security leaders and asked them "What sucks in security?" Their top pain points were inconsistent access management, vulnerability prioritization and remediation, and obtaining SaaS logs in case of an incident.
Hasnain says:
There is so much useful information here that I’ll find myself coming back to this a few times in the future. A lot of these are problems I’ve seen personally across multiple companies. Key takeaways for me:
* fundamentals still matter. You can protect against the most advanced threats but if there’s something basic missing it’s still game over
* security, engineering, IT, etc. being multiple orgs is valuable but also causes friction working across orgs. I wish there was something better, but everyone being in one org has its downsides too
* I wish there was one tool to rule them all
* there is a sore need for core fundamental improvements across the board
Picking one quote out of many that resonated with me:
“Tracking ownership of services, assets, and applications has become increasingly complex. ‘It’s quite social and messy… more gardening than construction,’ as one participant described it. Missing service catalogs, incomplete asset inventories, and unclear SaaS application ownership create operational friction.”
Posted on 2024-12-11T06:51:56+0000