Rivaclaw🏳️‍⚧️ΘΔ @renbymon@computerfairi.es

@LightTheUnicorn 🖤​🖤​🖤​

One thing that's not really talked about is how the Puritans were actually kinda dicks. The story goes that they travelled to North America to escape religious persecution, but that's essentially just a set up for the whole manifest destiny bollocks. They left Europe because people did not like them interfering with the rights and freedoms of everyone else in society.

Fast forward 403 years, and the same thing is still going on: an ultra-conservative minority is still trying to force their values on everyone else.

A thieving noodle!

Another fun commission: european polecat as a cartoon thief ​

#FurryArt #MastoArt #Commission

Finished artwork for TyphosDerg! 💜

#dragon #dragonart #fantasy #fantasyart #furry #furryart #digitalart #commission

To survive in this environment, you have to remember that you are not the risk owner. It is your role to assess the risks, design the controls and assure them in operation. If the risk owner doesn't want to listen to you, that's their funeral.

And always remember that security engineering is a sought after discipline. If something is making you really uncomfortable, hit the bricks. You'll have a new job in a week.

6) Some engineers are fatalists. To them, there is nothing that they could do to prevent their system being compromised, so why bother?

7) Security vendors do not help, because they promote messages about how scary the threat is, and how organisations should prioritise defending against APTs over getting the basics right.

8) It is exceedingly rare that management will give security sufficient authority in engineering governance. Things will go out the door that you are deeply uncomfortable with.

9) Change control board is where security controls go to die

10) Nobody appreciates being told "I told you so."

4) When times get tough, secure by design is the first thing to be pared back. This is probably related to it being seen as a nice to have, and not an essential performance requirement. To get it right, it has to mature at the same speed as, and intimately related with, the design. But when the project goes on a diet, engineering will still progress and security has to catch up later, after many opportunities are lost.

5) In the absence of an effective regulator, investors and 'visionaries' will always prioritise features and time to market over security. Socialise risk. Privatise profit.

I've spent the last 9 years of my life developing, promoting and using secure by design in my engineering field, and I've learnt a few lessons:

1) Techbros *hate* SbyD. They see it as a blocker and they don't want to engage with it at all.

2) Safety engineers don't trust security, and don't want security within 1,000 miles of safety systems, even when its purpose is to assure the integrity and availability of those systems.

3) Programme managers and project engineers never budget enough resources for it. It's either an add-on, or a nice to have, but rarely embedded.

https://www.theguardian.com/technology/2023/nov/27/ai-safety-pact-us-uk

Traditional icon of Monty @truckthepolarbear! The big dumb doggo~

distributing software as flareware (license condition: evolve an eevee to flareon)

It's been a while since I did these and I still get requests for them so.. IKEA sheets are back! They're £20 and make a great gift or a fun thing for your profile! Examples here https://imgur.com/a/sa1yGhn
Comment or DM me for a slot!
Boosts very much welcomed!❤️

Got this Ikea-style ref sheet from @moon :3 Check 'em out if you want one for yourself :)

#furryart #snep