"Security is always going to be a cat and mouse game because there'll be people out there that are hunting for the zero day award, you have people that don't have configuration management, don't have vulnerability management, don't have patch management"
About this Quote
Mitnick frames cybersecurity as a chase with no finish line, and he does it in the plainspoken dialect of someone who has been both predator and prized capture. Calling it a "cat and mouse game" isn’t a tech cliche here; it’s a reminder that the advantage is dynamic. Attackers move first, defenders react, and the terrain shifts every time a new exploit drops or a new toolchain gets commodified.
The sly phrase "zero day award" is doing heavy cultural work. It nods to the status economy of hacking: reputation, bragging rights, maybe a payout, maybe just the thrill of being first. Mitnick’s subtext is that security failures aren’t only about brilliant adversaries; they’re also about incentives. If finding a hole is rewarded faster than closing one, the game stays lively.
Then he pivots from romance to bureaucracy: configuration management, vulnerability management, patch management. The repetition lands like a checklist read aloud in an audit room, and that’s the point. He’s puncturing the myth that cybersecurity is primarily a Hollywood battle of genius versus genius. Most breaches don’t require a once-in-a-decade exploit; they require an organization that can’t reliably inventory its systems, prioritize risk, and apply fixes before the internet notices.
Context matters: Mitnick became famous by exploiting trust as much as code. His intent here is almost penitential and pragmatic: stop fetishizing the attacker, start funding the unglamorous disciplines that make the mouse harder to catch.
The sly phrase "zero day award" is doing heavy cultural work. It nods to the status economy of hacking: reputation, bragging rights, maybe a payout, maybe just the thrill of being first. Mitnick’s subtext is that security failures aren’t only about brilliant adversaries; they’re also about incentives. If finding a hole is rewarded faster than closing one, the game stays lively.
Then he pivots from romance to bureaucracy: configuration management, vulnerability management, patch management. The repetition lands like a checklist read aloud in an audit room, and that’s the point. He’s puncturing the myth that cybersecurity is primarily a Hollywood battle of genius versus genius. Most breaches don’t require a once-in-a-decade exploit; they require an organization that can’t reliably inventory its systems, prioritize risk, and apply fixes before the internet notices.
Context matters: Mitnick became famous by exploiting trust as much as code. His intent here is almost penitential and pragmatic: stop fetishizing the attacker, start funding the unglamorous disciplines that make the mouse harder to catch.
Quote Details
| Topic | Privacy & Cybersecurity |
|---|
More Quotes by Kevin
Add to List
