Advanced Defense and Forensic Response
In order to succeed in defending your organization against a cyber attack, the key skill to have is the ability to control complexity. Protecting assets is often described as “asymmetric” in that the effort of controlling all the internal complexity is much larger than the effort needed to find one issue by an external attacker. If you have worked with Oracle for some time you will have noted that the software is complex, and some administrators do tend to increase the complexity—especially when they are the only ones who know how to work it! This does not bode well for a controlled baseline that is provably and measurably secure to an organization’s standard.