Royce Williams on Nostr: And inventory isn't just critical org-wide (the control on which all other controls ...
And inventory isn't just critical org-wide (the control on which all other controls depend).
Most of the breakthroughs in my own personal security career -- advancing my credibiility with a 'oppositional' stakeholder, uncovering truly important yet previously invisible-to-the-org attack surface, even literally landing my current job -- can be directly traced to my "undue diligence" obsession with extending / automating / correlating the discovery / assessment of inventory.
"Inventory, inventory, inventory" is the "location, location, location" of security.
Most of the breakthroughs in my own personal security career -- advancing my credibiility with a 'oppositional' stakeholder, uncovering truly important yet previously invisible-to-the-org attack surface, even literally landing my current job -- can be directly traced to my "undue diligence" obsession with extending / automating / correlating the discovery / assessment of inventory.
"Inventory, inventory, inventory" is the "location, location, location" of security.