@ Security Writer :verified: :donor:
2025-02-24 08:10:49
nostr:nprofile1qy2hwumn8ghj7un9d3shjtnddaehgu3wwp6kyqpq7gkr926tvltgs0vwkf5hh0vaf2ryret8yxnavks5lp4jcstwtazs0wcxwf it’s an interesting perspective.
I work in the enterprise space, and I’ve been doing this a long time. I don’t think I can recall a single organisation that relied more on red than blue to defend the organisation, and I don’t think I’ve seen or heard any of my peers suggest they’re more interested in that angle either.
As the saying goes “pentesting is necessary but not sufficient”. And that goes for all red teaming.
Good architecture, configuration, and documentation overcome or mitigate most if not all threats.
I would agree that attacker mindset is more prevalent in those that write about security, and I can be guilty of this… as my handle would suggest. But I don’t think I would particularly lean that way, unless to make a point on the exploitability of something.
I tend to agree with your findings that the industry as a whole is more blue focused, but I certainly don’t think there’s a perception issue. If anything I think we need MORE red/purple in the room.