Laws of infosec

In the past I posted what I called a law of a threat hunter, but thought we could probably generalize and expand it a bit more, and in the end I came up with this list:

The law of a threat hunter

For every two most distant technologies there exist a developer that will bring them together.

The law of an end user

The end user is not a security control.

The law of a mind blowing / disrupting product / service offering

Congratulation on your Quality Assessment of an unfinished product opportunity.

The law of a vendor promise

It works in our lab. We have it on our roadmap. Defo in our next release.

The law of a infosec certification

You are certified to have a certification.

The law of an infosec advice

It’s most of the time a subjective, biased opinion.

The law of an Infosec Though Leader


The law of a novel cyber idea

McAfee did it first.