- Last Week As A vCISO
Axioms We Use In Security
A list of many of the catch phrases and axioms or maxims we like to use in cybersecurity...
I was feeling a little facetious last week and was going to post something sarcastic… but didn’t… maybe I will in the future.
Part of that post was a list of catch phrases we use in the industry. So today’s post is just that: all the phrases we like to use.
Don’t see one here? Please comment, and I’ll add it.
Security is like an onion, it’s about layers
Defense in depth
Compliance is not security
Security through obscurity is not security
Guardrails not gatekeepers
Security is everyone’s job
Security’s role is to adequately communicate the risk (and impact) to the business
It’s up to the business to accept or mitigate the risk
Assume compromise
We need to find the unknown unknowns
Blast radius
Defend the crown jewels
Take a holistic approach
It’s not IF, It’s WHEN
Security is only as good as your weakest link
Baking security in earlier will save you time and resources later
We have to “Shift Left” in security
Thanks Sean C. and Ryan F. for some of the extras! I got some good laughs.