Compliance
We don’t do compliance unless you want to use it as an opportunity to build some Real Security™ into your architecture, platforms and systems. The checkmark compliance approach may please the auditors and the regulatory bodies, but it will not stop the attackers, and our integrity do not allow us to cater for the latter.
As the awesome Dan Kaminsky (RIP) once said:
- “At the end of the day, defense without offensive knowledge is worthless, is stupid. We call it compliance.”