I have said it before - the security industry is the most dishonest industry in the world. It lies to its clients, it lies to itself, and it lies to the people it attracts to work in it. It's built on fantastical bullshit like 'risk', and hides behind jargon and nonsense terminology.
Now, let's put that to the test, shall we?
Think about yourself. Think about your entire network of security practitioners, in every area of the industry they can be found and at all levels.
How many of them would utter the phrase 'I'm actually pretty shit.'
How many would even say 'I'm really average when it comes to this security lark.'
How many would admit to not knowing something?
I haven't met any in over 30 years. Everyone is a fucking expert. From the security guard at the shopping centre to the CISO and even the NED.
Funny thing, though. None want to get on a recorded call with me so I can ask them questions to prove themselves. Even questions about what they claim expertise in, so no trick questions either.
The 21 weeks of polls I ran on here demonstrate with absolute clarity that most security practitioners ARE shit. They cannot think for themselves (i.e. critically) and have weak comprehension skills. They don't know the proper terminology or how to use it. They don't have a conceptual grasp of what any of it actually is or means. Or how it connects. They make up for all that with ego, though. That and wanking about with IT.
Of course, I had an IT 'architect' asshole recently who told me that I am 'not someone who can judge how shit someone is at security'.
Yes, I am. If you cannot clearly discuss the basic principles of what you do...you're shit. If you're taking money for it, you're a charlatan...or worse.
Full disclosure - there are areas of security that I am utterly shit at - at the operational level. They are areas I haven't worked in or have no interest in. Whether we are talking about bodyguarding or CCTV installation ...not my bag...at the operational level. There are plenty of people far better than I am in those things. I can discuss the higher-level principles at play in how those things work, however. If I professed an interest in any of those things, I'd go and learn them - BEFORE opening my cakehole in public about them. I prefer to defer to the better informed.
Everyone else wants to be seen as an expert without doing the work. You can see this in people who refuse to stay in their lane.
I also still get assholes who think 'experience' is most important. That includes a 30-year 'veteran' who thinks 'vulnerabilities create risks'. 🤣
So - what are you shit at? What do you want to be less shit at? What do you want to excel at? Other than bullshitting.
Is it time for a career diagnostic call?
https://lnkd.in/evzJzEBd
Director of Security @ International SOS | Global Security Expert
1w"Stop thinking of networking as a chore; it should be fun."- This is absolutely true. Even if you are an introvert, networking should be enjoyable, especially in the Security field.