@hacks4pancakes@infosec.exchange I cannot agree with this enough. You absolutely have to do this yourself. No external entity, no matter how honorable they may be, and.most aren’t, can possibly grasp your environment more than your own staff that built and run it.
This notion that you can outsource everything even remotely hard is quite frankly not true, and while it may save you some pennies now, you will spend real capital cleaning up the mess when that bad day comes.
Tangentially related trend I am seeing: New ISPs that don’t run their own core networks. They outsource it to companies that claim to run core networks for ISPs. If you can’t run a network, you seriously have no business pretending to be an ISP.
This outsourcing of absolutely everything is going to fuck you sooner or later.
@mattblaze@federate.social WOO!