Security Culture

A few days after sending an application to the Dutch Ministry of Defence for a senior cyber and information security advisory role, I read an NRC article about publicly accessible details of Dutch military infrastructure. Not leaked documents. Not espionage. Not shadowy dead drops in rainy parking garages. Public websites. Pipeline routes. Radar dependencies. Cable maps. Technical drawings. Backup systems. Segmentation details. Power feeds. Coordinates. Bits of information scattered across agencies, permits, infrastructure registries, environmental datasets and planning portals like breadcrumbs dropped by a committee convinced that nothing bad ever happens in spreadsheets. ...

The most useful phrases in a modern security programme are the ones that cannot be argued with. “The platform gives us coverage.”, “We have visibility.”, “The tool supports MFA.” Each one is calm, professional, and technically defensible. Each one can also be doing something quietly different from what the room hears. How the grammar works Three small grammatical moves do most of the heavy lifting. The first is capability standing in for implementation: “The platform supports MFA”, “Defender has ransomware protection”, “Our firewall can do segmentation”. ...