alpinist79

How much realism is actually necessary in phishing simulations?

Posted by Wise-Rate-5234@reddit | sysadmin | View on Reddit | 60 comments

[-]

alpinist79@reddit

None. And you don’t even need the simulation. Assume people are going to click on whatever link anyway and architect your security around that. Yes, it would be nice if people didn’t make stupid mistakes, but unfortunately they do. Also if the phishing tests are mandatory for your industry, I am sorry.

I feel like I missed out on the Golden Age of IT work

Posted by AntsyAnswers@reddit | sysadmin | View on Reddit | 805 comments

[-]

alpinist79@reddit

Security expert here, I see a lot of different environments. A lot of organisations still manage infrastructure in a very traditional way. For a lot of engineers, iac is just not something they do.

Large company culture

Posted by worthlessgarby@reddit | sysadmin | View on Reddit | 354 comments

[-]

alpinist79@reddit

I’ve worked at very small and very large ( 100K+ headcount ) organisations and unless there is an absolute crisis, it’s pretty slow going. Things move slowly. That’s par for the course unless there’s a real calamity.