Inside A Government Agency With No Threat Model

A central government department relied on a part time virtual security lead, ageing tools and no central view of security data, with nobody owning real decisions. When asked what type of attacker would target their systems or whether they had a threat led defence, nobody from engineering to leadership had an answer, despite direct access to national guidance. #razorwirepodcast #cybersecurity #threatmodelling #publicsector #governance