Welp, I guess I'm starting a blog today. I want to talk about how we secure systems today, but I don't want to talk about computers, I want to talk about organizations as systems. One of the things that I think haunts infosec is our insistence that technical solutions, computers, and similar automation is the solution to security. I think this is because it's easy to measure, and there's a belief that it's reliable. But today I want to talk about what I see as the core gap in that system.
Read MoreBecause we can't just secure computers