So there is this posting at The Hill.
And it’s terrible. But also insightful.
And all of my cyberfriends are focusing on the former, and not looking at where the latter might be pointing.
It’s got this:

And it’s got this:

And this is likely a recipe for disaster:

But it’s also got this:

I have been in just one-too-many meetings with heavily cyber-credentialled CISO-wannabes who were completely incapable of talking to the DevOps team without the assistance of expensive, pointless and horrific third-party consultants. The type of cyber-expert who really believes that what a startup really needs is a malware analysis and threat-intelligence team, rather than “let’s deploy 2FA and build phishing and drafting awareness”.
The author, Allen Gwinn ({ihnp4,jclyde,decvax,rpp386}!sulaco!allen) has been around the block a few times, is of similar vintage to me, and if he reads this I hope that he takes the vitriol being thrown at him on Twitter as a mark of respect.
And it looks like he’s already had to “mea culpa” from the onslaught:
Systems today are not what they were in 1990 when it was possible to find someone who understood router configuration who would not immediately be swamped by, or even might accidentally destroy, a subtle Docker setup. Someone who could configure both kinds of “iOS” (you know about the other one, right?) and fend off DDoS attacks, yet also patch a kernel and today push a new Terraform config.
Even within the field of IT, the field of infosec has sprawled tremendously, and has become populated by specialists who would be … suboptimal at other roles, rather than “mostly competent at worst”.
Of course they’re not going to like this. But they also don’t understand that this is how it used to be, and it was already fading when we got started.
But he’s definitely right that we need more and good generalists.