New job/beat that requires better security


Hypothetical situation:

Say you've previously been interested in information security and know the basics, but your reporting job hasn't necessarily required it. Threat models were relatively modest and sources required little protection. Now you're moving to a job where protecting sources is paramount and you're up against law enforcement and possibly nation states.

What's the best strategy? Some attempt to scrub? Compartmentalization? You're doomed? What do folks here think?


That's a pretty broad question. I think Grugq said it best (I can't find the direct quote right now)... something along the lines of: if the benefit of hacking outweighs the cost of hacking, you're going to get hacked.

I think that simple rule can really sum up how many and what kind of defenses you put around your information. Once you get to the level of national spies coming after you, you move away from infosec and into actual physical (counter)espionage.

I guess my answer is kind of "you're screwed" but it's impossible to answer the question generally.