Scott Alldridge

Neither I brute force hack something, right?

I use some tool to get in and hack in and get in your network or

I convince you to change something.

I become your social engineer, you.

And so then I do.

So the idea that the efficacy of IT processes, what I'm really saying in there is I'm saying you really need to have good change management practices.

And that involves some other things you need to have in place, like configuration management, a couple of things.

But the point is, you got to have good change.

You really focus on that.

It kind of becomes a really important backstop to your cybersecurity.

So it's kind of common sense, even though it sounds a little process and techie.

It's mainly just saying you got to have really good change management practices that helps your cybersecurity posture, too.

And that's why it's super important that you're monitoring change.

You have what we call kind of detective controls.

So it's monitoring something and saying, oh, something's not right.

There are some old stories.

I'll tell one about, you know, the Target breach.

It was one of the first big credit card breaches that happened.

This is about seven, eight years ago now.

And what happened was, is that they actually had a HVAC vendor that manages their air conditioning and heating systems that actually had a dedicated connection, VPN connection into the Target network.