“No matter how much you train your users to identify a phishing email or some other attempt to steal credentials, there will be at least one user who is having a bad day and makes a mistake.”

Twitter: @ian_infosec • Website: medium.com/@ian_infosec

Ian Anderson is a security manager focusing on the relationships between information technology and operational technology and how those relationships work to defend industrial control systems. He is also interested in risk and governance and identity management within enterprise environments. Ian is a graduate of the University of Oklahoma and maintains GSLC, GCIH, and CISSP certifications.

If there is one myth that you could debunk in cybersecurity, what would it be?

Attackers are human, and as humans, you can conjecture that they are not perfect. Some attackers are good, but they are still human. This may seem trivial, but I believe that when you start to view attackers as human with human goals, you begin to unravel the things that make cybersecurity intimidating. Perfection doesn’t exist for defense or offense. That is the way the game is set up. There are steps all attacks must progress through to be successful. This means there are a series of steps where an attacker may make a mistake. As defenders, we need to seize upon these opportunities to detect, respond, and build back our controls to prevent the next ...