Alternate Qubes iso for business person

General Discussion
20

Overall, my experience in the professional space (public: Got Breach? “Whoopsie!” :person_shrugging: -OPM et al./private: Got Breach? “Whoopsie!” :person_shrugging: -Experian et al.) is directly contrary to your sentiment but, who knows; maybe I need to “get out more”, :thinking:

Most organizations/individuals care very little about security and/or privacy, the focus is on liability. Very few organizations are willing to invest in ~resources~ humans which are able to (over-time) design, develop, document & distribute sound computing processes, procedures & OPSEC; especially when Gartner suggests a new “killer-app” (pizza box or :cloud: ) for CxOs to gobble up, each year. :turkey:

Until the day comes when the consequences of breach match the impact of said breaches (read penalties/fines are percentage-based per revenue … don’t hold your breathe :exploding_head:), C-Levels are MORE than happy to piss in the bucket and keep it moving. :hugs:

Furthermore, I don’t see such an “official” Qubes offering as you suggest becoming a reality unless someone/some group decide to fork and do so.

Until investment (temporal, financial or otherwise) is required. :stop_sign:

[edited]

Perhaps “typical” is the key word in this statement as, most groups seem to have fallen head-over-heels for layer after layer ~of “ease-of-use”/“rapid deployment” complexities~ to create abundantly more opportunities for failure.

* Disclaimer 0 *
  • To date, I’ve not yet the opportunity to admin Qubes in a fortune 500 production environment.
* Disclaimer 1 *
  • Certs are a bit cheesy for my personal taste but, they serve two purposes well:
  1. Offer candidates to display a certain level of awareness related to solutions
  2. Offer hiring managers to promote said awareness to customers (internal & external)

IMO, Qubes is pretty straight forward from a zero-trust admin perspective:

  • Xen is the hypervisor layer (virtualization in production is nothing new and widely adopted & Citrix offers many different certifications in and around Xen use)
  • The rest (whether it be *nix or Winblows also with many certification options) is good old-fashioned, vanilla administration

If this forum is any indicator, the most common challenges users face/speak up about are:

A) Linux-centric hardware troubleshooting (unfortunately, still pretty standard in this day & age)

B) Linux-centric software troubleshooting (thankfully, not the hardest challenge to overcome)

If corporate adoption were a goal, shrink-wrapped, publicly available training(s) and/or certification(s) options are some of the more common options toward said goal.