08-31-2019 03:47 PM - edited 02-20-2020 09:10 PM
First, this post is not intended as that run-of-the-mill elitist "why isn't everyone as smart as me?" kinda post, but I do want a gut check.
I keep meeting "security professionals" who'd struggle to match the technical expertise of a help desk admin.
Cases:
1: My company just brought on someone with a Master's in Cybersecurity from an online school, and had 10 years of experience working risk compliance for a prestigious government contractor. I got to talking with him and he didn't know what a VM was. No, I am not joking. There is plenty more to say about this person, but let's move on.
2: I keep hearing security professionals bring up absurd concerns during meetings with management meant to determine how our budget is spent. Concerns like "if we allow speakers, they can be turned into microphones and steal keystrokes from our air-gapped devices." Yes, we've all read that article talking about that theoretical attack, but when actual pressing issues like {insert pretty serious vulns here} exist. They can't prioritize hypothetically NAC or MFA over expensive countermeasures for the latest scary Wired article.
3: I meet otherwise highly credentialed people who struggle with basic IT concepts. What I will list here is more forgivable than the previous two, but still worth mentioning. Issues like not knowing theoretically how a DMZ is set up, not knowing the difference between a subnet and a VLAN, failing to understand the difference between giving someone limited admin rights vs giving every sysadmin domain admin, etc etc.
Let me make this clear: I am NOT talking about folks with less than 5 years experience. We should embrace our up and coming security professionals. But I feel like I am surrounded by people who have no business being in security who are there simply because organizations can't fill those roles with anyone else.
Thanks for reading my thing.
08-31-2019 11:04 PM
I've been in IT for almost 40 years, most of that time having security as a primary or at least secondary role. I have worked in both public and private sectors - both on the end user and reseller side. In my experience there isn't any one specialty that suffers from a disproportionate share of less than fully-qualified individuals.
There are a very high number (disproportionately so) of cybersecurity vacancies; so many organizations may be struggling with staffing those properly. It sounds you've had the unfortunate experience of interacting with low-performing or lesser qualified cybersecurity professionals. I can say from first hand experience that most of the ones I have dealt with have been doing their jobs to the best of their ability and often with great benefit to the organizations they serve.
Whenever I come across someone who's making unwise choices or recommendations - be it in security or elsewhere - I do my best to inform the discussion with better-reasoned explanations and recommendations so that we collectively advance the status quo to a better place.
07-21-2020 07:03 PM
@dhanushxdhanushx29596 why did you repeat the first paragraph of my earlier reply as your post?
07-27-2020 03:46 AM
Presumably so they could spam their link to MXPlayer, whatever that may be
07-27-2020 04:35 AM
@neil.woodhouse thanks - I didn't see that spam link earlier.
Anyhow, it's not posted anymore - I sent the post to moderation limbo. :)
02-24-2022 03:24 AM - edited 02-25-2022 10:14 PM
The term "security professional" is too overloaded and broad. Do you want a software engineer who knows how to create secure applications? Do you want a risk/standards/compliance lead? Do you want an IT professional that knows how to keep infrastructure secure? Do you want someone in a SOC? Do you want someone to run a bug bounty program? Do you want a pen-tester that can hack the **bleep** out of your IoT product? do you want a pen-tester than can hack the **bleep** out of your infrastructure? All of these require different skillsets and different people. But they are all "cybersecurity professionals" vidmate instagram video download
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide