….so we don’t think Security is that important. How about you be a Sysadmin instead?”
This is SERIOUSLY something being asked of a friend of mine. They think that there are no threats therefore why are they paying for an IT Security person……. maybe the things he is doing are Reducing attack surface and vulnerability!?!?
What data do you guys use to substantiate your effectiveness to an organization??