If “prevention eventually fails,” I suggest fast, precise, thorough detection & response — which is what tends to happen in the real world.
— Richard Bejtlich (@taosecurity) May 29, 2013
And this, ladies and gentlemen, is what we need to be teaching our security students, instead of all this GRC bullshit.