This video was inspired by the old five monkeys in a cage experiment. Unfortunately, you can often observe security professionals and especially auditors exhibit such behaviour. They are ‘taught’ at one stage of their life that something is secure and the way to do it. Often referred to as ‘best practice’. The problem with this approach is that they will blindly apply this logic to every and any scenario without taking the time to understand the organisation or the business drivers.
Do you have any such observations of security professionals behaving more like security monkeys? Please do share.