What do you wish security professionals would start/stop doing?

We have to better communicate about threat. Still today, we have 16 iSCSI, 1000s of people on iSCSI, but nobody communicates the real substance. They keep talking about IOCs. To me, IOCs are stale fish. After 10 minutes, that IOC is useless. On another note, my doctorate was on AI-based agents for large scale institutions. Today, I say stay away from agents if you can, because with API's, you really don't need agents. Everybody has real estate today, and their own assets. Whether you're an IoT or whether you're traditional with your MDR, EDR, you name all the three-letter acronyms, you have real estate. You can use API's, and you don't have to reinvent the wheel by installing yet another agent. I'm a firm believer in using what you have. Don't reinvent it.

Anonymous Author
We have to better communicate about threat. Still today, we have 16 iSCSI, 1000s of people on iSCSI, but nobody communicates the real substance. They keep talking about IOCs. To me, IOCs are stale fish. After 10 minutes, that IOC is useless. On another note, my doctorate was on AI-based agents for large scale institutions. Today, I say stay away from agents if you can, because with API's, you really don't need agents. Everybody has real estate today, and their own assets. Whether you're an IoT or whether you're traditional with your MDR, EDR, you name all the three-letter acronyms, you have real estate. You can use API's, and you don't have to reinvent the wheel by installing yet another agent. I'm a firm believer in using what you have. Don't reinvent it.
0 upvotes
Anonymous Author
I am absolutely passionate about both AI and cybersecurity, and the community. There's quite a few opportunities in terms of building a community around cybersecurity, where for the most part, things have been siloed and more so the enterprise-centric old way of doing things. Obviously, as you just catch up, the world keeps changing. With the amount of change that is happening, it's hard for everybody to stay up to date. So I have a few thoughts in terms of creating a community for incident responders. Like we have tried with threat intelligence. It was good, but that's not actionable. So when we talk about specific incidents and sharing that knowledge among peers, that is actionable, which makes more sense.
0 upvotes
Anonymous Author
Stop acting like they have a law enforcement background. Unless the security professionals have genuine experience at the CIA, FBI, or NSA it’s often a bit of an dog and pony show that turns off the audience. Be approachable rather than appearing knowledgeable.
2 upvotes
Anonymous Author
Stop spreading FUD (Fear, Uncertainty and Doubt) to get increases in budgets and head count (rather than using real metrics, historical quantifiable risk data and fact-based evidence).
3 upvotes