Thread regarding Dell Inc. layoffs

Dell ranked high for CyberSecurity, WHAT JOKE

Maybe Newsweek should look at that a little closer. How do you get ranked a high CS company when their internal security is complete garbage, they have customer apps that have clear passwords stored and can easily be bypassed, nothing is written to follow standards, best practice as far as design or security and you have Directors mandating their staff NOT use corporate approved communication applications, that are by the way Chinese based. Would be one of the LAST companies I'd pin "one of the best" on.


2405 views | 15 replies (last October 24)
Post ID: @OP+1k81b468y

15 replies (most recent on top)

Is Cyber responsible for the new IAM project that was recently introduced?

Post ID: @ts+1k81b468y

@qf Hey man, trust me... we don't enjoy changing the VPN either lol... And I promise it takes MONTHS for any change to even happen... Be happy that you are always ON the VPN now and don't have to "login" or use the annoying a-s RSA codes anymore.

Post ID: @s1+1k81b468y

@qe Depends what kind of change is being asked to be made though... I have nothing to do with apps or what they do/don't do, and don't care. That's not for me to decide or say "wait a minute, you need to do xyz!"

That stuff is for SRB and ARB to deal with. I just put in the firewall rules man. If what they are asking for looks off or doesn't look right then sure, I'll reject it but like... cyber isn't responsible for enforcing certain types of encryption, algorithms, password complexity, or what ports they want to use. Cyber is not responsible for policies or cr-p like that. That's security's job.

Post ID: @s0+1k81b468y

@bg Cyber oh is the team that constantly is changing the VPN for employees. I will give them that they notify people in a reasonable amount of time! The fact they are NOT given a proper budget is complete BS. It is a cost of doing business. But the C class doesn't seem to care, too worried about their stock options. Dell could have the tightest Cyber in the world but if they don't start putting money into critical tools and our customers end up paying the price they will leave just like they have with storage. Dell's answer will be to expand into another arena then, how many times has Telco failed for example? Again, cut, cut, cut....drive that stock price up...And/OR prime Dell for a buyout which the demotion of managers makes everything look better on paper. And only paper, there are NO cost savings on payroll

Post ID: @qf+1k81b468y

@bh Change advisory boards that do not cover main tools and applications. Changes happen almost daily to critical tools which almost always breaks something else when they make changes and no one is notified, we find out when it's broken and unable to deliver what we need to, to the customer. And if you do escalate an issue it goes into the inevitable black hole nothing gets done or changed. The customers are the ones who suffer and pay for it. And they wonder why Storage for example is so far off.

Post ID: @qe+1k81b468y

hard shell outside
soft crunchy inside
too many egress points
poorly config'ed firewalls
remediation team that nobody pays attention to

YES MAN MANAGERS ACROSS THE BOARD

Post ID: @j9+1k81b468y

@hr that’s the security strategy, turn your laptop into a brick! Besides that, product security is a joke.

Post ID: @j2+1k81b468y

Everything is locked down so tight, we can't get our work done efficiently. Working in AWS and Azure is a nightmare with all the security hops we have to take. We can't install common software required for development if it isn't approved by whomever is deemed software god.

Post ID: @hr+1k81b468y

@cn Yes and that was me :)

I use multiple VPNs/double VPNs when I come here as a "just in case" but, if or when Dell is hacked, we are made aware of it by the top dawgs. Earlier this year, or maybe last year I don't remember now... Dell was breached and as I said, they hacked into a honeypot - a fake network with fake systems and fake servers and etc... designed for hackers to fall into.

Which is what happened. Yeah, Dell was technically breached but, the hackers gained nothing from it. They basically "stole" a bunch of monopoly money and made up PII info.

Post ID: @fy+1k81b468y

Seems to me earlier this year, folks had to sign NDAs due to security issues with Data Domain. Nothing was published because the vulnerability was extremely high...high enough to mandate NDAs from everyone and anyone involved. In fact, we had to put in code actual upgrade notifications to get users to update to the patched revisions. It was bad...but was swept under the rug.

Post ID: @d9+1k81b468y

Good to see the good old Dell team spirit alive and well here. "Sn-t my fault, it's them!"

Post ID: @cp+1k81b468y

@bj I won’t post any info here as anything can be traced and someone from cybersecurity already commented here.

BUT! You have no idea!!!!

I’ll leave it here..

Post ID: @cn+1k81b468y

I mean, Dell has never TRULY been hacked before so... I mean hacked as in PII type info has been retrieved. Or CC numbers or anything of the sort. There was a breach earlier this year but, they found their way into a honeypot so all they got was fake info lol.

Post ID: @bj+1k81b468y

That's cool but, cyber security doesn't manage applications lol... That's why Dell has Change Advisory Boards - which consist of high level consultants/ICs/Managers/Directors/etc... to oversee the security architecture of literally everything... Essentially, if an application is not using the most up to date security protocols, encryptions, etc... that's for Security/Compliance teams to deal with. Not cyber.

Post ID: @bh+1k81b468y

Clearly, you have NO idea what Cyber Security does lol...

As someone who does work in the cyber department, I can say that we work off of either no budget or a very very minimal budget. Even our CSO and their boss literally told us cyber is one of the last orgs Dell gives money to towards a budget. Which is ironic considering that cyber is IMPO, every bit as important as sales. We just aren't money makers but, guess who protects all that money, customer info, etc...? cyber!

Cyber does not, nor has anything to do with applications/application security. How applications are run, managed, designed, etc... - specifically password related in this case - is not up to cyber but up to Security and/or Compliance teams. We have no say in any of that.

Cyber is responsible for the firewalls, proxies, and VPNs. DataSEC falls under cyber but isn't technically cyber security... Cyber is not responsible for telling application teams how to manage passwords and anything like that. That is the job of the security and compliance teams.

We protect the network, intrusions, and prevent hackers and/or make it very difficult for hackers to breach anything internally. There is no such thing as an unbreachable network but, IF a hacker were to breach the network and pivot around, ultimately that falls on the security and compliance teams for not doing THEIR job in making sure apps/systems/GPOs/AD/etc etc etc... was properly secured.

Post ID: @bg+1k81b468y
