by graylights 2515 days ago
Software is only one part. Do you trust your hardware, your people, your supply chain, your physical security? "Truly motivated" can mean extreme resources and willingness to cross all boundaries.

Are you secure if your admin's child is kidnapped and the ransom demand is for network access? Are you secure from the Secret Police wanting to hijack your service for their purposes?

Once you accept you CAN'T stop truly all attacks you can be comfortable with acceptable risk and work to mitigate realistic risks.

2 comments

Yep - this is why you might try to limit pivoting based on an assumption that everything is compromised, you can require coordination from multiple geographies to unlock access to certain highly sensitive resources, you ensure that these protocols aren't published, and above all you follow the New York Times Test: don't type anything that you wouldn't want to see on the front page of the NYT. This requires pride in security at all levels of your organization, and it's something that few organizations outside of the military get right.
It boils down to this: if you can access secured data, then someone following the same steps can also access it.

So unless you advocate for no secured data, you are vulnerable to a sufficiently sophisticated attack (i.e. hypnodrones hijack your mind).

I’ve bypassed the man trap for a DC by accident before so I guess I’m good? :)

Can’t remember how I did it but my former coworkers still tell stories about it. Lol.