Comment on Using Clouds for too long might have made you incompetent
SheeEttin@lemmy.zip 1 week ago
Or maybe it’s just a different skill set
Comment on Using Clouds for too long might have made you incompetent
SheeEttin@lemmy.zip 1 week ago
Or maybe it’s just a different skill set
loudwhisper@infosec.pub 1 week ago
Not when the skillset is essentially outsourced and you are left consuming the product of that skillset.
Understanding is nonnegotiable in security, IMHO.
You can’t fail to understand how signature attestation works, if you are implementing it, to make one example I made in the post. Otherwise you end up verifying the signature in the CI (like that person claimed it should be done) and waste the whole effort. You can definitely still outsource the whole infra and scripting to Github, but you still need to understand. The problem is that when you can outsource everything, at some point understanding becomes an extra step.