💡 One cool takeaway from #DACHsec:
Dr. Kraemer (KnowBe4) mentioned that a good security policy doesn't just prohibit, it offers alternatives.
If you ban personal AI accounts, give people an alternative (e.g. enterprise LLM).
I think more generally, the hard truth is: we in #infosec are much better at saying "don't do this" than "do this instead."
Saying NO is easy. Taking responsibility for a YES is uncomfortable.
This bias isn't talked about enough.
