10 Oct
2018
10 Oct
'18
3:57 a.m.
Hey,
Important distinction; You fire any contractor who does it *repeatedly* after communicating the requirements for securing your data.
Zero-tolerance for genuine mistakes (we all make them) just leads to high contractor turnaround and no conceivable security improvement; A a rotating door of mediocre contractors is a much larger attack surface than a small set of contractors you actively work with to improve security.
+1. Changing people is a cop out, and often blame shifting. Believing you have better people than your competitor is dangerous. Creating environment where humans can succeed is far harder than creating environment where humans systematically fail. -- ++ytti