kill chain

All* threats are insider threats

In the 1990s and early 2000s, the prevailing school of thought in information security was that there were two kinds of threats: insider and outsider. The insider was the "

A paean to the red team

...or "Erick rethinks his position on sports analogies"   In "Defenders think in lists, attackers think in graphs, as long as this is true, attackers win", Microsoft&