From the Horse’s Mouth: Cybersecurity Pros’ Favorite InfoSec Quotes


Locked down and socially distancing like the rest of us, John Opdenakker took to Twitter to ask the question, “What’s your best #infosec quote?” As you’ll see, this has sparked an interesting discussion with over 189 comments, part serious and part humorous, giving us a much-needed distraction while reinforcing the importance of InfoSec in our highly connected and cyber-insecure world.

The Serious

  1. “As John Chambers famously said, ‘There are only two types of organizations: Those that have been hacked and those that don’t know it yet!’”
  2. “It’s not a question of if, but when.”
  3. “Security isn’t something you buy, it’s something you do, and it takes talented people to do it right.”
  4. “If it’s smart, it’s vulnerable.”
  5. “It takes 20 years to build a reputation and a few minutes of cyber incident to ruin it.”
  6. “Security should be built in, not bolt-on.”
  7. “If you can’t afford security, you can’t afford a breach.”
  8. “People, the weakest link.”

The Humorous

  1. “We shouldn’t worry about getting hacked, that’s illegal.”
  2. “It’s not a bug, it’s a feature.”
  3. “Never underestimate a developer with a deadline.”
  4. “Don’t put a $100 lock on a glass door.”
  5. “The most secure computer is the computer that’s off.”
  6. “It’s worse than you think.”
  7. “Don’t pet strange dogs.” In other words, if it doesn’t feel right, don’t click on it.
  8. “Given the choice between dancing pigs and security, users will pick dancing pigs every time.”
  9. “Infosec: The Few. The Proud. The Paranoid.”
  10. “Give a man an 0day and he’ll have access for a day, teach a man to phish and he’ll have access for life.”

And perhaps Mike Thompson @AppSecBloke gets the last word (just as timely as when it was first posted almost 10 years ago):

Hackers don’t give a ---


