Maybe. But they're better than the trash the educational system puts out with CompSci degrees and security majors.

The way that cybersecurity and infosec are handled in professional environments is also very wrong.

Somehow what is a very technical profession has been turned into a managerial one.

I've been skimming the content of the CISSP, and while the technical element is very good, the managerial element (which is the main focus of this cert) appears to be a very thinly veiled "who to blame" and how to "pass the buck" framework.

I think we need to reassess exactly what a cybersecurity person is supposed to do, otherwise the industry is going to change for the worse and become one of those bullshit roles like "Digital Transformation Consultant" and so on.

In my view, a cybersecurity person should be the bridge between your IT guys and the top brass, overlapping with the IT guys (but not so much that it becomes a conflict of interest).

They should be in the room when your website is being redeveloped, new tech is being deployed, etc.

They should not be hived off to simply churn out reports, recommendations, advisories and user training.

Cybersecurity folks are the worst people to deliver cybersecurity training because it's often very difficult for them to relate to users' stance on getting their job done, which is key because the vast majority of security-related issues stem from your users.

