If you’re going to offer suggestions to a client, make darn sure they’re actionable. I’m reading WAY too many reports that make fanciful recommendations that:
1. Have constraints the client has already said they can’t/won’t address
2. Don’t actually address the stated problem 1/3
Clients are coming to you because you’re an expert, NOT because you have an answer for everything. Saying “this can’t be done with the constraints provided” is more valuable than “here’s a course of action you can’t/won’t pursue.” Of course educate about constraint impact too 2/3
In mathematics, solving an equation isn’t everything. It’s still valuable to show that a problem cannot be solved. Start treating infosec recommendations that way and we’ll all be better off for it.

As I often tell clients “due to constraints, this is the best bad plan.” 3/3
You can follow @MalwareJake.
Tip: mention @twtextapp on a Twitter thread with the keyword “unroll” to get a link to it.

Latest Threads Unrolled:
Those who think consciousness raising & movement building are disconnected, or even a distraction from electoral politics have not paid attention to the history of social change.In this thread, we
Read more
The 2020s will be known as the Remote Work decadeA few predictions of what is likely to emerge[ a thread ] Third Space: Office and Working from Home will
Read more
1/29: Have you ever had a concept explained to you that helps frame complex issues you’ve been wrestling with and opens your eyes to new possibilities? A concept that I
Read more
By continuing to use the site, you are consenting to the use of cookies as explained in our Cookie Policy to improve your experience.