I switched jobs on May 1, 2022, and now work as a Chief Development Architect Security, returning to my old strengths.
The time as a manager of an Internal Investigations Team investigating cases of fraud, corruption and bribery went by in a flash. If you stretch your mind a little bit, you could still state that this is a security topic. But I am not here to debate this.
What did I learn from my time in internal investigations?
I took away three things:
1. Anything that can be thought, can and will be tried.
2. The Fraud Triangle: to conduct fraud one needs motivation, rationalisation and, most important, opportunity!
3. And this really helps in discussions with security engineers who question whether they have to fix a security vulnerability by asking: “Why would anybody exploit this?”
Any guesses, anybody?
The single most frequent answer that team members and I received when we asked an alleged employee “Why did you do this?” was:
“Because I can!”