2 comments

[ 3.3 ms ] story [ 18.3 ms ] thread
First point in the article:

>Achieved full and continued compliance with some of the most in-depth FTC, OPC, and OAIC regulatory enforcement actions ever handed out

Last point:

> Partnered with HackerOne to run our incredibly successful enterprise bug bounty program

If that is the prioritization, why is the position of the author Chief Information Security Officer (CISO)? The list would be much more suitable for a Chief Compliance Officer.

And just to be clear: I'm not quibbling about semantics. My deeper point is that we've seen that Ashley Madison is lacking in security and adding more compliance won't help much as long as they don't address their security problems first and foremost. If they can't get this right from the top I have no hope for them.

Is this an ad for ashley madison, or this guys relentless and ethically dubious pursuit of certifications? Either way, no real substance, just some bragging and a list, with few details of actual security.