> I've sat in boardrooms with CEOs telling us they were willing to pay whatever it takes to increase their security (and they put their money where their mouth is, too). They still get breached.
Money flows (often) freely but it's not enough. I worked at one place where the CISO was very aware that security needs to be designed into the product ground up. Later a new CISCO came in who thought that security can be achieved merely by purchasing every security scanner on the market and sit back to bask in perfect security. Needless to say security was far worse with the latter one.
Money flows (often) freely but it's not enough. I worked at one place where the CISO was very aware that security needs to be designed into the product ground up. Later a new CISCO came in who thought that security can be achieved merely by purchasing every security scanner on the market and sit back to bask in perfect security. Needless to say security was far worse with the latter one.