And they are laughably wrong. It's always the wannabe system admins with 4 end users spouting that nonsense. You get into any big organization and legacy becomes a larger and larger part of the way things are kept running. Hell, just for shits and giggles, look at the back end of blood banks, government, airports and non-blood banks' back end infrastructure. I would be shocked if anything was running on less than a decade old software. Hell, people think that software hardened over years should just be tossed out the window because the company (who has now made it clear they don't even know what they are doing) released a version with a bigger number.
Just what are they teaching these days? No OS is secure; exploits and vulnerabilities are in them all. This should not be a hot take, but all I see is lazy IT departments offloading responsibility left and right. The correct way to handle this has always been from a risk management approach. You need to assume you're not ever secure, make backups, develop a plan to recover after an event, and if you have sensitive data, handle it like it was sensitive. Nowadays we have usernames and passwords stored in the same databases, plain text critical data, lack of redundancy at all levels and a slick sales package to justify it all.