Why is it so hard?

- so many old problems don't have good solutions (e.g. BYOD), but we keep getting new shit thrown at us (IoT, privacy frameworks, GenAI, SaaS, supply chain attacks)
- we've gone from protecting a corporate network to protecting a corporate network PLUS remote workers PLUS contractors PLUS four different clouds, etc.
- no good guide to maturity (lots of attempts though)
- device types are so heterogeneous (no one is 100% Windows or Mac, Android or iOS these days, and there is tons of IoT everywhere)
- noisy security products (fill-in-the-blank fatigue from all the things)
- inherited problems (tech debt, abandoned infra, previous security leaders' dumb pet projects/strategies, hiring issues)
Summing the "problem statement" section of this old presentation up, I was focused on how it seems like there's too much of everything. Security has to cover such a broad landscape of stuff, it's almost an impossible job.
AI safety and post-quantum migrations are the latest things I've seen added to the CISO's to-do list, and there are just no extra cycles for this stuff (unless you drop other stuff).