With all the Equifax headlines today, I was wondering if there would be a few poor souls in the Equifax Tech Department who feel at least a bit responsible for the whole mess. (I do understand it is a collective responsibility of the management as well.)
The most frustrating place to be in these scenarios is the IT (especially security) department.
Go ask any security guy if they think their environment is secure. Very few of us will say yes. It frequently boils down to we ask for things, and there are budget/manpower/time limitations in getting them implemented.
So a breach occurs, execs say to IT staff "Why was this possible?"
IT staff says "We requested back in <month> to fix this, and it's working through the slow process."
Execs say "Why didn't you scream louder, identifying it as a critical issue?"
IT: "There are 1000's of other issues, just like this one. The attackers just managed to exploit this one, instead of one of the others. We can't identify all issues as critical, because then nothing is critical."
Both parties stay frustrated thinking the other isn't doing their job right.
Haha. I meant in all layers of the organization. Could be the IT Security Department, Policy Department, could be the homegrown development team, anything.
edit: Was the analysis of the hack published?