by SE_Student 2544 days ago
> Leave the reverse engineering of malware etc. to people with more interest and time.

...

> (remember, your average consumer believes in using an anti-virus to clean out an infected machine, when the correct thing to do is a complete wipe and reinstallation). Easier to get them to offload most of their productivity tools to SaaSes and buy plenty of insurance than try to force FANG-level access control protocols on them.

This is very bad advice.

1 comments

Not really, do you honestly want people to be hosting their own email servers? Stuff like networked filesystems and NAS over VPN requires a tremendous amount of work to properly secure. Better give the money to a *aas company than to waste it on incompetent IT departments. Especially since a lot of companies consider IT to be a cost center instead of a source of value. Idealism is nice and all but most companies won't care enough and data protection laws don't magically make the problem go away. More pragmatic to simply outsource security to more qualified technical companies instead of trying to do it yourself.

Also, low level OS/assembly level domain knowledge isn't as useful for non-technical SMEs. There's not much a company can do when you tell them their 30 year old in-house CAD software written in Fortran 77 parses files in an insecure way after fuzzing it. Their original programmer is long gone. They are not going to rewrite it anytime soon. Sticking it in a VM may be their best option.

You are not there to engineer malware to break their systems. You are there to tell them what's wrong and how to fix it in the cheapest way possible. Threats from phishing, ransomware, and poorly implemented BYOD policies are a lot more dangerous to most companies.