Maria Varmazis is an information security marketing consultant based in the Boston area. Prior to her consultancy career, she managed content and social media marketing for major security companies, including Rapid7 and Sophos. She is passionate about security and privacy advocacy, and her mission is to share security knowledge in an engaging, accessible, and actionable way for professionals and the general public alike.
There's a big disconnect between best practice frameworks and the real-life nitty-gritty. Many of these frameworks broadly cover the overarching principles that a robust security program should encompass and why these principles are important; however, they don't usually say specifically what kind of attacker behavior defenders should anticipate when building their security programs, nor do they detail how an attacker would work to thwart those vaunted best practices. Often, that's left up to security practitioners to suss out themselves in their copious spare time.