حمید پیام عباسی

he/him

I’d rather be outside right now

Vegan btw

  • 2 Posts
  • 10 Comments
Joined 8 months ago
Cake day: October 24th, 2025

  • I have to disagree with the premise that security testing should be a “feel-good” exercise. In a healthcare setting, the security team operates as an internal auditor. Their job isn’t to be liked; it is to protect patient lives from catastrophic ransomware attacks that shut down life-saving systems.

    To do that effectively, they have an obligation to run real-world simulations. Actual threat actors don’t care about hospital morale or their exploitation under capitalism, and they will exploit those exact pressure points to gain credentials. What this test revealed isn’t just that the staff are tired, but that a highly enticing lure easily bypasses their current social controls. Because of this test, the security team now knows they must rely more heavily on technical controls (like hardware keys or stricter zero-trust policies) to compensate, which is actionable. Being mad at the security team for exposing a fatal vulnerability is shooting the messenger.