Q: How many pentesters does it take to screw in a lightbulb?
A: None. We break stuff, we don't fix it.
Q: How many auditors does it take to screw in a lightbulb?
A: None. We don't fix stuff, we justify the budget to have it fixed.
Q: How many CISOs does it take to screw in a lightbulb?
A: Are lightbulbs really a regulatory requirement?
Q: How many security software vendors does it take to screw in a lightbulb?
A: If you pay us a lot, we'll give you a tool that will let you screw in your lightbulbs better!
Q: How many university degrees in security does it take to screw in a lightbulb?
A: Well, we've never actually seen a lightbulb, or screwed one in, but in theory...
Q: How many security certifications does it take to screw in a lightbulb?
A: If you don't require certification for lightbulb screwers, how else will you know your lightbulbs are screwed in right? Nevermind how much it costs, expense it!
Q: How many security analysts does it take to screw in a lightbulb?
A: We'll tell you the lightbulb isn't screwed in, we'll provide flashlights, and we'll tell you how you should do your job, but we don't screw in lightbulbs.
Q: How many administrators does it take to screw in a lightbulb?
A: One more than the budget pays for: there are too many other projects going on.
Why do we divorce security from operations so thoroughly?
