It's been interesting to watch the public reaction to COVID-19 and how it maps to how people react to infosec risk. And one thread I see in both places is the perception that caution or risk-aversion is "fear" and/or "weakness"
If I had a nickel for every decision-maker that dismissed a sober risk analysis as "paranoia" and followed it up with tough-guy talk, I could retire
And this is sometimes followed by an attack, which is then followed by "tough-guy" berating the security department, which they de-funded, for not taking adequate precautions to guard against such things.
@whami "why didn't you stop this thing we explicitly told you to spend no resources addressing?!"
@darrenpmeyer Also how some laypeople become experts in the field as time & comments density progresses.
A Mastodon instance for info/cyber security-minded people.