by patrakov 1353 days ago
> The CISO didn't make the decision to enforce password rotation - the compliance programs your sales team asked for did

And it's the CISO's job to resist unnecessary overcompliance which is just for the happiness of the sales team.

1 comments

You don’t make the company lose business just because compliance is unnecessary. You’ll (rightly) get overruled every time.