Futaba _ Webs 🕸🕸🎃🕸🕸

Cyber Security's BIGGEST Flaw! 🕸🕸🎃🕸🕸


🕸 Synopsis 🕸

Today’s article is going to focus on the overall problem with Cyber Security, or rather the major lack of common sense where it should be for modern-age digital defenders. A lot of what I’m going to say in this article might be obvious to some, but rest assured, IT’S NOT OBVIOUS to MANY that work in Cyber. If it were, then I myself, as well as well-established professionals, wouldn’t be “winking” or hinting at this time and time and time again.

We have all the means and tools available, even the information which is publicly available and FREE. However, what if that were the very problem itself and WHY we have such BAD Cyber Security practices to date?

Keep reading and you’ll find out exactly what I mean by that.

🕸 Article Topics 🕸

I'll be discussing the following topics in order:

🎃 Public Disclosures Hurt Us

🎃 Lack of Emphasis on Security

🎃 Lack of Security Talent


Public Disclosures Hurt Us 🕸🕸🎃🕸🕸

Ever see the latest news on MAJOR security breaches or recent white papers from security researchers that get publicly disclosed online? Yeah, THIS, although that information is nice, is part of the problem as to WHY threat actors are constantly able to adapt and stay two steps ahead of us. It also gives threat actors INGENIOUS ideas on how to piggyback off of recent breaches and evolve them, sharing that information with each other. Don’t even get me started on “living off the land” stuff that becomes possible when we “talk” too much.

When you disclose PUBLICLY HOW certain breaches took place or how to prevent them on a technical level, you’re telling threat actors STEP BY STEP HOW to breach your security systems. It's even worse since we have DEDICATED platforms that help fill threat actors in on all this juicy information.

A good example of what I mean by this, and this is no insult to anyone, would be the beloved Wiz. As much as I LOVE Wiz and a lot of other Security-focused places that disclose Security research information to everyone, time and time again I’ve been able to get full in-depth information on recent exploit techniques, which, if I were a threat actor, could allow me to devise said exploits against other infrastructures.

Even without places like Wiz that do all of this, it’s still mandated by law that breach disclosure occurs.

Now… how to handle disclosures? Well… to be rather blunt… Sum it up as quick as possible. No need for a diagram and all that. I know this sounds bizarre, but hear me out. It’s the job of SECURITY professionals to break down and study HOW a breach took place with just an overall summary and devise mechanisms of their own in order to defend against it, even apply needed patches if necessary for all systems. This of course would REQUIRE companies to have a DEDICATED budget for proper Cyber Security procedures, which most still sleep on.

Now, what do I mean by “summing it up as quickly as possible”? Ever seen a CVE that just dropped and you tried replicating it but have no idea how? THIS is what I mean by that. The CVE simply explains HOW the breach occurs without full, in-depth, to-a-tee information, leaving it up to Security professionals to test and check against it on their own and figure out how to defend against it, OR, if you’re a threat actor, figure out how to replicate the exploit (which threat actors aren’t too keen on sharing how to do since they profit off of selling that information).

Lack of Emphasis on Security 🕸🕸🎃🕸🕸

Now, this isn’t a shocker to most folks that work in Cyber Security, but security is almost NEVER in mind for most business infrastructures:

🎃 When developing complex systems and software

🎃 Budgets

🎃 Competent teams

🎃 Incident response

🎃 Security Audits

🎃 Penetration tests

And the list goes on.




Lack of Security Talent 🕸🕸🎃🕸🕸

Now this might rub a few the wrong way… BUT… WE DO HAVE A SHORTAGE OF CYBER SECURITY TALENT. Not by numbers, NO, there is plenty of that. The PROBLEM is we don’t have the RIGHT talent in the RIGHT places. We have people that SHOULD be in Cyber, NOT in Cyber, and people that shouldn't be in Cyber, if that makes sense.

Cyber Security isn’t a game; there’s A LOT on the line should an infrastructure FAIL to prevent a breach: reputational value, financial assets, and of course overall jobs that are on the line that can be impacted should financial assets be impacted by security breaches. Not even just the company itself, but the very end user data hosted in them puts said individuals at risk, which can lead to stuff like identity theft and a lot more.

A consistent trend, as disappointed as I am to say this… is we have folks in Cyber that don’t “understand” security. Most of them know how to regurgitate what they “know” on Security-related subject matters, maybe even use a good chunk of the tools to defend, even attack if possible (if they even, since most pentests are being automated nowadays), but this doesn’t mean they “understand” security.

A lot of this is due to the movement of not having to be “technical” to work in Cyber or over-prioritization of “soft skills”, which leads to a lot of folks that aren’t technical enough to apply basic to advanced Security frameworks/procedures, all of which is more prevalent when dealing with leadership roles like CISOs for example. This leads to MANY recurring situations where security breaches occur, basic ones that can EASILY be prevented.

How to find the right talent? We already have. The problem is Cyber Security has become a celebrity thing where only the cool kids get into the club. It’s become less about security and more about ego.

It’s also problematic that budgets simply don’t “exist” for said talent, if that makes sense, or rather, there is a refusal to make them.

If you enjoyed this post give it a thumbs up! I’ll be keeping track of who’s reacting from now on as there is a “special” reason for it. Just know the more you support my content the more there is in store!


- The Hacker Who Laughs 🕸🕸🎃🕸🕸
