We read it everywhere: “compliance is not enough”.  “Security must be more than compliance.”  Granted.  When the phrase “checking the box” only means working from a compliance checklist and never looking at how your servers are configured, you are vulnerable. When security professionals point this out, they are responding to the well intentioned attitude of … Continue reading →