Facebook security boss says its corporate network is run like a college campus (http://www.zdnet.com)
In July of 2017, Alex Stamos, Facebook’s Security Chief, told employees in a conference call that the company isn’t doing enough to respond to growing cyber threats. In fact, with Facebook’s “move fast” mantra, the vault that stores the keys to a billion lives is (deliberately) run like a college campus, but has the threat profile of a defense contractor, he said.
“The threats that we are facing have increased significantly, and the quality of the adversaries that we are facing. Both technically and from a cultural perspective, I don’t feel like we have caught up with our responsibility.
“The way that I explain to [management] is that we have the threat profile of a Northrop Grumman or a Raytheon or another defense contractor, but we run our corporate network, for example, like a college campus, almost.
“We have made intentional decisions to give access to data and systems to engineers to make them ‘move fast,’ but that creates other issues for us.”
The comments were part of an internal talk to employees during which he discussed the challenges Facebook had with keeping its networks secure, amid a growing danger of state-sponsored actors and advanced persistent threats, which in some cases have near-limitless resources.
For his part, Stamos, when reached, said that he had used the “college campus” line several times internally to describe challenges that the company faces, and used it as a figure of speech.
“My team runs network security for the company, and of course we secure it thoroughly,” he said Thursday.
Stamos denied that the comments were a criticism of the company’s management. “They care a great deal,” he said. “It’s not a criticism of anybody, just a statement of why our team needs to be creative in how we protect our corporate network.”
Continue reading at http://www.zdnet.com
My Two Cents: I would locate the Facebook employee or contractor who tapped this phone call and leaked this information to ZDNet. Cyber Security teams are facing very tough challenges. The bad guys can be wrong multiple times, the Cyber Security teams cannot be wrong once… but we can all learn from our mistakes. I am sure the next conference call will be secure.