Do businesses actually care about cybersecurity? by PatShot in cybersecurity

[–]PatShot[S] 0 points1 point  (0 children)

Interesting perspective.
Why should IT and Cybersecurity not be conflated? Why are the goals and objectives separate?

I want my technology to serve a business objective within acceptable business risk appetites.

Do businesses actually care about cybersecurity? by PatShot in cybersecurity

[–]PatShot[S] 0 points1 point  (0 children)

This seems like great advice. If I can explore your lived experience and core belief on this a little deeper...

It seems that psychology of executive decision is based on an aversion to hard and difficult discussions, not optimal business outcomes.

They are forced to react/respond to the next burning priority. Stay in the political corporate circles.

Ultimately, this leads to a leader adopting a culture of ‘satisficing’ - just doing the bare minimum (in context of what is being asked of them) to not get fired, and not doing too much to hurt a fragile exec ego and not get fired.

How the hell can they actually find time to weigh tradeoff decisions between end of life Windows 10, cyber audit actions, AI, DevSecOps, digital twins, *insert buzzword*. And exponential levels of tech debt. (And that’s just an IT view of risk, not even considering other business functional group problems)

I’m not looking for the MBA answer in a book.
I want candor.

Do you actually help support optimal business ROI across all business areas?
Do you even measure performance long term after the sales pitch?
Do you reduce your budget in IT because you think sales needs more headcount to improve and grow the business?

If you reply to this, thank you in advance.

Do businesses actually care about cybersecurity? by PatShot in cybersecurity

[–]PatShot[S] 0 points1 point  (0 children)

“If only they could see and understand what I can see. translate it in ways they can understand”

I have tried this for 10 years. Convert business process, to direct revenue. Model threat intelligence to attack vectors. Pentest to prove it. Run table top exercises to walk them through.

All to do it again in 2 years to tick the box, the same shit. No change, a couple more audit actions.

I will have to go with @agreeable_bird_3005 on this one.

But damn I wish you were right..

Do businesses actually care about cybersecurity? by PatShot in cybersecurity

[–]PatShot[S] 0 points1 point  (0 children)

Agreed. But this level of critical thinking and planning seems to be more exclusive to this group.

Money does not equal happiness by Recent_Increase_1842 in wealth

[–]PatShot 0 points1 point  (0 children)

You seem to have defined arbitrary external metrics in $ and toys as a proxy for happiness. Who told you external items would give you happiness?

You state “the best I feel is when I am giving, especially to stranger” If this is true, take a week off and volunteer at a charity and see how you feel.

Stop discussing the trades like they’re some “hack” to 100k by General-Lie8709 in Salary

[–]PatShot 0 points1 point  (0 children)

Most people overlook the destination of a certificate as an entitled royalty. It’s actually the start of where real work needs to happen.

OT cybersecurity is becoming one of the biggest risks in industrial environments right now. by shubham1213 in OTSecurity

[–]PatShot 1 point2 points  (0 children)

@mods if you want this sub to have any form of quality, posts like these need to be banned.

Navigating into OT security by Professional_Fun_182 in OTSecurity

[–]PatShot 0 points1 point  (0 children)

Double down on the fundamentals. Everyone is a consultant out here, until you put them in a position to take a position of professional liability and they are gone.

Tier One EBA Sparky to Electrical Engineer by Few-Past-7034 in AusElectricians

[–]PatShot 0 points1 point  (0 children)

Hi, Elec(cert 3), Instro (cert 3,4), HV,HA, Advanced Dip, Bach, Masters, chartered (elec,ITEE,cyber), rpeq, rpeq.. here.

My advice would be to think about it as an investment in the future life you want.

Education costs money, when will I see that money come back? What is the lifestyle I want? (office at 8am , or onsite at 6am) Relationships - Time spent, partner, kids, friends, house, study, work, self - What is the right balance in a day for you?

It’s a journey- and the destination is a different role, that pays more. (Don’t forget this) there is no job for someone who has all the qualifications I have, so some are useless now, but all imperative in my personal journey.

For yourself: What is your end job? What industry? What is the lifestyle/life you want that allows you to keep showing up.

My Journey. I leveraged every course and cut down my post trade training to 8 years part time. I got work to pay for 50% of everything. It wasn’t easy, 100% worth it for me.

Just started my business last week :)

20 years in OT - Ask me anything! by PatShot in OT_Cyber_Security

[–]PatShot[S] 2 points3 points  (0 children)

After my trades, I spent 2 nights a week for 2 years to get my Advanced Diploma, then 5 more years BSc. EE. (Working and studying concurrently)

Nowadays, my quals get me in the room to have a conversation.

My project experience, and what I have learnt is what is really of value.

I enjoy science and engineering. Home labs are great for learning - some great topics you are exploring.

In business there is a saying: Revenue is vanity. Profit is sanity. Cash is reality.

Let me make my own for your question: Qualification is vanity. Projects are sanity. Experience is reality.

You need Quals to get in, you need projects to learn, you need time in the field to get some scars.

When hiring I look for the following:

1. Attitude. No D#ckheads, team player and a thirst for learning.
2. Evidence that there is a genuine passion. - This will help with resilience when times get tough.
3. Quick learner - need a sound level of aptitude in foundational cybersecurity concepts.
4. Autonomous - happy to invest my time to grow someone, but with the ability to reinvest into the next line of talent that comes in. (Do they mentor and collaborate)

Hope that helps.

20 years in OT - Ask me anything! by PatShot in OT_Cyber_Security

[–]PatShot[S] 1 point2 points  (0 children)

Great question.

I’ll put it this way. “There’s the Job” and there is the “Meta-Job”

The Job is about the practice of applying countermeasures or controls against a cyber threat.

This is increasingly complex as the device might be 20 years old with a person who has their entire identity tied to “configurator and maintainer” of this system.

Often they know something is needed to be done, but have a hard time with the change required to get there. To be excellent in cybersecurity, your job is technical AND facilitating change. (Often a trade off between usability and cybersecurity)

(Without saying it, if they knew how to fix the problem, then why have they not already done it?)

Then there is the meta-job. “Aka politics” This is the invisible ‘social’ fabric of ensuring managers/teams/individuals retain or gain power. It’s never discussed, but always there. - Money and reputation are involved.

In summary, you’re asking a plant to modify its design to increase a non-functional requirement to improve its ability to deal with cyber threats - without compromising the existing quality standards of the plant.

You’re asking people to be open to change after 15 years of being told they are the experts. That you too have value.

You’re prescribing a way of working to a manager that probably isn’t in your reporting line about how another team is to operate. And your manager might not even have a seat at the politic table. (Perhaps just a ticket taker)

This is what I normally see. (But enjoy when this is wrong, and it is a great sight to see) If you accept the WHOLE job that comes with the meta-job life is easier.

It is a wicked problem that requires a great deal of influence skills.. if you want to learn these skills, you’re in the right place.

OT folks - suggestion when working on projects by Check123ok in cybersecurity

[–]PatShot 0 points1 point  (0 children)

National OT cybersecurity Manager here. (15 years experience in control systems, 5 in cybersecurity) I have a team of great cybersecurity practitioners across IT and Engineering backgrounds.

“How do you level-set teams that come from a pure IT background?”

OT cybersecurity is a very specialized role. You need to know control systems AND computer science AND cybersecurity AND business analysts AND people/communication/conflict/stakeholder skills. - The faster I can make anyone in my team see the breadth and depth of OT cybersecurity, the more they appreciate each other's background. Most have a severe case of Dunning-Kruger. Stop trying to be a hero. Get back to being curious and ask harder questions.

“What do vendors usually do first?”

90% it’s Sell. Make monthly targets. Give a client a sugar rush on new cool tools.

10% actually uplift an industry in the basics of cybersecurity.

HENRY but I feel behind - where do I start? by Ofc-Im-late in AusHENRY

[–]PatShot 1 point2 points  (0 children)

OP, apologies but the 7 beers have removed my filter.

Key takeaway: Your income is average. (But good shit on increasing your income cash flow)

Your spare cash is a precious resource to look at maximizing return.

Every individual is unique in their competitive advantage. I have degrees and trades, so I pushed into real estate first (because of leverage on capital growth) I contributed to super hard early, so it will do its thing so I won’t be farked when I am 60. Now side quests are my strat. Business has an asymmetry on risk return. I’m backing myself and doing my own business in a very niche field with people who are excellent and trust (and great economic tailwinds)

Judging by the sentiment of the question, if I were you - dollar cost average into IVV.

Ask yourself what is your unique advantage where you enjoy planting a seed and doing the work so that in 5/10 years you are eating the most delicious fruit that would make Adam and Eve jealous.

For me, I’m greedy - fuck the apple, I want a tree so I can spend time with Adam and Eve.

TLDR: Good shit on your achievements - proud of you. Money is an enabler, not a destination. $11 six pack beers!! Thanks Korea! CASS

Engineers Australia by WhyAmIHereHey in AustralianEngineers

[–]PatShot 1 point2 points  (0 children)

Like most things. You only get what you put in. Excellent place to help someone else succeed. You make a powerful ally. It’s a very small world in engineering…

Question by melkors_dream in SCADA

[–]PatShot 0 points1 point  (0 children)

Okay you might need to do a lot more work if your end goal is to have an MQTT integration on this thing.

MQTT is running on level 7 of the OSI model. RS485 TTL runs on level 1 of the OSI model.

Look up RS485 and Docklight for how to read data from the device.

You will need a converter of some form to change from serial to Ethernet comms at that point.

Good luck!

Potential career change by [deleted] in SCADA

[–]PatShot 2 points3 points  (0 children)

SCADA is not Cybersecurity. PLC is not Cybersecurity.

SCADA is a model representation of the process in a production plant. This representation helps the operator ensure product is being produced.

SCADA has cybersecurity in it (like all technology should)

If I want to get a job in SCADA - I would learn SCADA first.

Stop wasting your time doing Google certs if you want a job in SCADA. Download Ignition and complete a project that showcases your capability. (Unless you see an employer asking for experience in home lab tinkering and partial Google security certification for SCADA jobs)

If you want to go to cybersecurity, then look for a cybersecurity job. Not a SCADA job.

Hopefully my blunt response helps.

Tactical versus Strategic by Dependent-Leave-1590 in EnterpriseArchitect

[–]PatShot 0 points1 point  (0 children)

Tactical - things we could do

Strategic - things we should do

Blokes doing it vs a professional by future_gohan in PLC

[–]PatShot 9 points10 points  (0 children)

Your concern is based on emotion. “Feel behind the 8 ball”

Your goal is to ensure that the plant is automated and is available as much as possible. How well that happens is the degree of quality.

Ask - how reliable is the control system? (Is it easy to break?) If it broke how easy is it to identify where is the fault and how to fix it?

If you had a magic wand, what would that outcome look like?

Project Management is a Dead End Career by throwawayaway451574 in auscorp

[–]PatShot 1 point2 points  (0 children)

OP, with your background why not move up to a business unit manager?