> That a top-level security expert would have left all his own passwords exposed was transparently ludicrous
Not quite. Some experts apply all their own expertise to themselves, others are more lackluster about their own opsec because they 'know what they are doing' or 'this isn't anything important'. Never underestimate human laziness.
I work in IT security and I see the full range of total disinterest to full tinfoil hat mode in this environment when it comes to people's own resources.
Also, it depends on people's area of expertise. Most of our networking security specialists are running segmented VLANs and IDS at home, and WPA3 with all the trimmings. The Windows AD security guys would just have whatever router the provider provides and sometimes don't even change the provided wifi password (which in many cases is algorithm-generated based on the MAC address or something!), but their Windows workstations would be top-notch secured.
It is transparently ludicrous to assume as a matter of evidence. Yes, many people are stupidly incautious, particularly when they "have nothing to hide". But having nothing to hide and therefore being incautious makes planting anything easy.
Back in the office days I'd see senior-tier engineers without uBlock, loading blatantly malicious ads and being redirected to fake Flash Player download pages while giving a presentation, a Firefox message saying that their SSO password (saved in the browser, of course) is reused in other places and shows up in compromises, browser addons on work PCs that exfiltrate every URL visited and inject rubbish onto every page like Honey or Rakuten, signed into personal accounts on a work device...