A thought on cybersecurity success & failure:

Resources set a maximum on what a defending actor is able to do.

Incentives determine what that actor is able + willing to do.

Errors in judgment, organizational dynamics, and other factors then further affect what actually gets done.

To implement reasonably good defenses, a defensive actor must have the resources, must have the incentives, and then must then use good judgment in decision-making and competence in execution.

Failure at any of those broad levels leads to failure overall.

What constitutes "reasonably good defenses" is, of course, determined according to the importance of what is being protected and the nature of the threat.)

My team is hiring! We build detection + response systems at planet-scale:

✅ 250,000+ events/sec from >500K servers
✅ 8+ million events/sec from exabytes of storage
✅ >99.95% reliability

Excited by our mission and purpose? Join us! https://careers.microsoft.com/us/en/job/1485641/Software-Engineer-II