We get to choose how we spend our time and effort, choose wisely.
The Department cannot justify how its approach to cyber security is delivering value for money.
Who’s the bigger clown? The CISO who pretends they’ve just discovered there’s no transparency in what they do? Or the CEO who pretends they’re shocked, shocked I tell you, that cyber security business cases don’t add up?
Being ‘secure’ is popularly comprehended as a better state than being ‘insecure’. This is unsurprising; in the cyber security domain, being secure and doing things securely is considered so obvious as to not even need explicit reference. Many practitioners would argue that more ‘secure’ is the the goal and the entire point of their exercise.