@marcoarment One approach is to say that you are aware of it and it is on the roadmap to get implemented next quarter. A majority of these are sent to so many targets that they’re just looking for payment. Another option is to give swag instead of $
@poiThePoi @hacks4pancakes Find out if anyone with security exp helped them with the decisions into their design and what was the focus. Based on their response, you can then ask more questions about arch or go into asking about other aspects of security (access mgmt, sec config, sdlc, sec mon, vuln, etc)
@poiThePoi @hacks4pancakes Then ask if everything talks with each other over the Internet restricted by IPs or if they have a firewall and network segmentation where specific resources talk only to other resources via private networks