I’ll start by saying that in the 20 years I’ve been in IT with the last 10 or so in CS I’ve noticed a trend where businesses are comfortable granting system administrator roles and access to InfoSec folks and I wanted to see if I’m seeing things or what.

I don’t think its a good idea because well, for one InfoSec folks are not IT administrators (they can be but for the most part they aren’t due to the scope and breadth of their jobs as it is) and because InfoSec folks are an attack vector for most orgs. Yes all users are attack vectors but I imagine the bounty is higher if you’re able to pop an organization using an IS guy’s creds or other vulnerability.

Share This Discussion

Leave a Comment

Note: By filling this form and submitting your commen, you acknowledge, agree and comply with our terms of service. In addition you acknowledge that you are willingly sharing your email address with AiOWikis and you might receive notification emails from AiOWikis for comment notifications. AiOWiksi guarantees that your email address WILL NOT be used for advertisement or email marketting purposes.

This site uses Akismet to reduce spam. Learn how your comment data is processed.