You better make good on your (security) debt

Security debtors

You are probably familiar with the phrase “technical debt”, which describes the consequences of all the bad choices and shortcuts we have taken in IT over the years. So it’s not difficult to guess what security debt is, and who is responsible for repaying it today. As some of us are head over heels in debt, Jan Bervar explained some (more and less) successful strategies for getting out of it.


The lecture was recorded at the RISK 2019 conference.

An example of paying off security debt

Firewalls are notorious for suboptimal policy configuration, from stale, years-old rules that are no longer needed to rules that allow wide access and represent a critical threat to the business. OCP Group wanted to eliminate these risks and asked NIL to help them improve the network access security of their data center.

