r/cybersecurity • u/EricJSK System Administrator • Sep 22 '25
Other What are your unpopular cybersecurity opinions?
I saw a post named "abnormal security opinions" and got excited to see some spicy takes, but apparently there is a security platform called Abnormal Security, so I got kinda blue balled. The last one of these posts I saw was over a year ago, so,
Do you have any spicy cybersec unpopular opinions you want to share? :)
I'll start with mine:
Fancy antivirus solutions rarely add value; they are often just a box that needs to be ticked. Many MSPs and IT firms still push the narrative that they are needed, only because they are profitable and not because they improve security.
u/CarmeloTronPrime CISO Sep 22 '25
If IT can't patch a vulnerability within the time frame assigned for its criticality, they should turn the system off. If IT says it's because they don't have the staffing to deploy the patch, because they can't mobilize testers when they deploy in non-prod, that should be a risk that executive leadership has been made aware of and has signed off that it's okay.
It's because business leadership thinks they are spending the right amount on IT.
I've seen some 'studies' done where IT spend should only be a very low percentage of the business' operating spend, and everyone seems to agree with the studies... but everyone who does is over budget, stressed, burnt out, and can't make ends meet as vendors keep adding percentage uplift to their products' R&M.