I am the man in the lighthouse for my org. Full #DFIR owner - IR, TH, TI, FOR. Alerting. Vuln mgmt. Threat mgmt. Brush up against policy. Teaching governance that Availability is part of security. Finally got my Masters. Sho'nuff. Living that Wisconsin life.
The nightmare of cold call sales people.
Good for the gander, good for the goose.

@krypt3ia

I was living in the Chicago burbs as a kid in '85. The Bears, the Cubs, still in the Atari era, MTV played music, this was my peak childhood.

I wouldn't go, because I remember '86 to present.

@tinker @wendynather

As long as they don't spoon. The code.

The difference between: fees, fines, bribes, and lobbying.

(From a Corporate standpoint. Not individual.)

Fee: An amount of money you pay the govt BEFORE doing something in order to follow legal requirements. If you don't pay a fee, you may be required to pay a fine.

Fine: An amount of money you pay the govt AFTER doing something in order to follow legal requirements. Fines only happen if you're caught and if a judge/jury finds you guilty of not paying a fee / following the law.

Bribe: An amount of money you pay illegally to the govt BEFORE doing something in order to bypass legal requirements. Ideally the bribe is less than a fee or fine. If caught, you may have to pay a fine.

Lobbying: A bribe you pay legally to the govt to change the laws to make activities legal (bypass fines) or cheaper (lower fees and fines).

Therefore a simple cost benefit analysis occurs to determine: If the fee is cheap, pay it. If the fine is cheap, don't pay the fee - instead break the law and pay the fine only if caught/found guilty (paying a fine is often cheaper than paying a fee, especially in aggregate). Don't pay a bribe when you can lobby. Lobby if you plan on breaking current laws so often that paying fines becomes cost prohibitive.

So the ideal is to break the law and pay the occasional fine. Or to legally bribe (lobby) to change the law so it's no longer illegal (or cheaper to break the law).

Pssssst, hey all you nerds, word to the wise, every time you think you need to really double and triple down on learning code things and all the cybers, stop, then think; “Fuck that, I am gonna go learn how to be a plumber, plant and maintain a garden, study animal husbandry, and how to be self sufficient”

You’ll survive longer.

My team at @greynoise is hiring a Junior Detection Engineer - somebody who understands network traffic and can write detection rules. Hit me up if you have any questions!

https://job-boards.greenhouse.io/greynoiseintelligence/jobs/4677135005?gh_jid=4677135005

Detection Engineer

United States (Remote)

RE: https://cyberplace.social/@GossiTheDog/116450140355631348

Fun fact, if you take these with GLP-1 drugs you are in for a really bad time. Immovable object meets irresistible force. Not going to explain more as it's almost dinner time for some of you.

AI is making commodity software nearly free to produce, exposing security vendors without real moats. Feature lists stopped being a reliable signal of which products will hold their position as commoditization sorts the market. If you were anxious about "SaaSpocalypse," here's a practical way to understand and handle it:

A seven-dimension rubric from Ben Vierck scores software products from 1 to 3 across each dimension. Three cybersecurity-specific dynamics raise scores for products with compounding defensibility. For example, an EDR platform with a shared data layer can score 20 out of 21 because its dimensions reinforce each other. Enterprise buyers generate telemetry that sharpens detection, which strengthens the compliance posture that attracts the next buyer.

Product managers and founders can apply the rubric to their own product, while buyers can apply it to their vendor shortlist. A low score names a dimension that needs investment, or a vendor likely to be bundled, absorbed, or replaced. Running the exercise honestly identifies the gaps worth examining.

https://zeltser.com/scoring-security-product-strategy

#cybersecurity #infosec #productmanagement #AI #securityleadership

Scoring Your Security Product Strategy in the AI Era

AI has made commodity software easy to produce, leaving traditional SaaS exposed. Applied to cybersecurity, a seven-dimension rubric scores security product strategies to help leaders identify weaknesses and strengths.

Lenny Zeltser

RE: https://infosec.exchange/@cR0w/116437868193090267

Geo IP is good and all, but like, there are so many networks that can just, change where in the world they're advertising their IP addresses from, and maxmind is kinda shit about being able to match their pace and speed. ASN blocking as a feature makes more sense. If your NGFW doesn't support it, see about submitting Feature requests so that it can do so.

@da_667
I do care, because everyone who handles my data uses AI. They didn't use the other crap, but we have a forced trust environment worse than that of SaaS platforms.