Cybersecurity Awareness Month is dumb. Here are some alternatives.

No Vendor November Do some free shit to improve your posture. You know your users, systems and business better than they do.

Defaults December Security by design and default deny.

#cybersecurityawarenessmonth

@badsamurai Great initiatives! Unfortunately they actively hinder C-levels blowing their remaining yearly budget in order to ask for more next year, so they won't happen.

@buherator I don't think we need to worry about their use-or-lose spend.

@badsamurai Justify it January. Identify the owners of your resources and decomission any that no one can claim.

Faraday February: Turn network restrictions to max and cut out only enough space for legitimate programs.

@Epic_Null I freaking love Justify it January!

@badsamurai Thank you. The timing is also intentional: I put it at the beginning of the year and the quarter to try to give impacted teams appropriate time to respond. They usually do NOT like when you mess with stability during end of quarter.