How has a cybersecurity practitioner never encountered useless compliance-driven security tasks?
Where I work, it’s widely acknowledged that doing security for security’s sake, done right, can cover your compliance, but security for compliance’s sake just checks checkboxes and doesn’t really get you security.
Where I work, it’s widely acknowledged that doing security for security’s sake, done right, can cover your compliance, but security for compliance’s sake just checks checkboxes and doesn’t really get you security.