IT career people, is a degree in cyber security worth it?
Discussion
Secret lemonade drinker said:
LinkedIn influencers usually spout things that sound good but are far from it, it’s amazing how many women get huge followings
This *lots, I know a few "speakers & inluenzas" in this industry and it's amazing how self-generating it is. The circle jerk and blindly nodding believers behind them absolutely baffles me, especially when none of them have actually achieved anything in industry or would anything they say work . The amount of I did x, y, z, that can't be backed up because of some BS reason is hilarious. Shrugging for victory said:
This *lots, I know a few "speakers & inluenzas" in this industry and it's amazing how self-generating it is. The circle jerk and blindly nodding believers behind them absolutely baffles me, especially when none of them have actually achieved anything in industry or would anything they say work . The amount of I did x, y, z, that can't be backed up because of some BS reason is hilarious.
+1 and as much in the cyber echo chamber as anywhere else if not more so. I had to fire a guy a decade ago because he was so s
t and now he is on linkedin as a ciso (apparently) and has done this that and the other, but no mention of the org he got fired from, oddly.bmwmike said:
+1 and as much in the cyber echo chamber as anywhere else if not more so. I had to fire a guy a decade ago because he was so st and now he is on linkedin as a ciso (apparently) and has done this that and the other, but no mention of the org he got fired from, oddly.
Not Craig is it?t and now he is on linkedin as a ciso (apparently) and has done this that and the other, but no mention of the org he got fired from, oddly.eeLee said:
also remember cyber 
is not just ZT.
Agree is not just ZT. but the term is everywhere these days sadly. I'm old enough to remember when it meant something you shouldn't be doing at work, and now they pay me to do it to look out for the people who shouldn't be doing it.Infosec is whatever the cyber marketeers say it is next week.
bmwmike said:
Infosec is whatever the cyber marketeers say it is next week.
It's been my petty hate, cyber. ZT I can deal with, it's bullcrap too but transient.Cyber security. information security, infosec.
In the end, it's defence in depth, it demands a wide understanding of IT and needs you to think like a hacker sometimes. One component is no silver bullet, you need many layer of defence and need to plan for people to be twots. Also you need to be able to sell a pure cost centre - with no visible ROI - to your CFO.
It's fun. You want to focus, be an engineer. You want to face up to the storm face-on, be a CISO.
My service run mostly internal securing online banking for an unfortunately-famous Swiss bank. No incident in the past 6 years (my time) has been anywhere near online banking
and no, I am in no way worried for my job, the pastures are extremely ripe 
Secret lemonade drinker said:
I got stick on LinkedIn for rinsing the CISO community by saying if your company has less than 50 people or you’re still configuring firewall rules and responding to events, you’re not a ciso.
The CiSO is the most bullst role that exists.
A CISO does not implement firewall rules.The CiSO is the most bulls
t role that exists. A CISO may be involved in defining what happens in a SOC but probably isn't doing what has been defined.
I had a chat with somoene who has a small company today and we both agreed he could not quantify having a dedicated CISO nor afford it. He body leases the skillset at present, rightly so.
The array of things I have to handle is incredibly wide and actually more than the "inch deep" that one of my certifications suggests.
eeLee said:
A CISO does not implement firewall rules.
A CISO may be involved in defining what happens in a SOC but probably isn't doing what has been defined.
I had a chat with somoene who has a small company today and we both agreed he could not quantify having a dedicated CISO nor afford it. He body leases the skillset at present, rightly so.
The array of things I have to handle is incredibly wide and actually more than the "inch deep" that one of my certifications suggests.
We also outsourced the role and are very happy with the arrangement. We just aren't big enough to justify what someone really good costs full time. But his job isn't messing with technology, it's advice and review. The difficult thing is not so much securing the systems as demonstrating to our UK and EU regulators that this is the case. We're captured by regulations designed for much larger entities. A CISO may be involved in defining what happens in a SOC but probably isn't doing what has been defined.
I had a chat with somoene who has a small company today and we both agreed he could not quantify having a dedicated CISO nor afford it. He body leases the skillset at present, rightly so.
The array of things I have to handle is incredibly wide and actually more than the "inch deep" that one of my certifications suggests.
The CISOs where I work are usually promoted in to post from 'real work' role once they realise they are not good enough to survive, but have learned enough buzz words. The problem is such roles are usually recruited by other director level people who don't know the area well enough to smell past the buzz words. Similar to most director / vp / cxo / other grandiose title roles.
Gassing Station | Computers, Gadgets & Stuff | Top of Page | What's New | My Stuff