[prev in list] [next in list] [prev in thread] [next in thread] 

List:       isn
Subject:    [ISN] About the infosec skills shortage
From:       InfoSec News <alerts () infosecnews ! org>
Date:       2015-01-27 9:23:46
Message-ID: alpine.DEB.2.02.1501270923330.31911 () infosecnews ! org
[Download RAW message or body]

http://3vildata.tumblr.com/post/109188919632/about-the-infosec-skills-shortage

By https://twitter.com/addelindh and
https://twitter.com/0xtero
http://3vildata.tumblr.com/
Jan 26th, 2015

Today I got into an argument on Twitter that started with me saying 
something sarcastic in reference to a recent statement by a vendor and 
ended with a discussion about the skills shortage in security. Twitter can 
be a difficult medium sometimes and I don't really feel that I got my 
point across, so this is my attempt to correct that.

Before I start I would like to point out that in no way do I think that 
this is the only reason there is a skills shortage in security, but that I 
do consider it a large contributing factor.


In the beginning, there was firewalls

Enterprise investment in security has traditionally been in products such 
as firewalls, anti-virus, IPS/IDS, and so on. Security products has in 
turn been marketed and sold as "solutions" rather than tools; heavily 
automated and not really much to work with. Because of this, they have 
been considered as infrastructure components rather than applications, you 
just install and configure them and then let them do their magic.


Automation is great, until it isn't

The thing about buying automated solutions is that it removes the 
incentive to invest in knowledge of the problem the solution was supposed 
to solve. Why pay money so that someone can learn how to solve a problem 
that has already been solved, right? For an enterprise, this makes perfect 
sense, and for a while it worked.

[...]



--
Evident.io - Continuous Cloud Security for AWS.
Identify and mitigate risks in 5 minutes or less.
Sign up for a free trial @ https://evident.io/

[prev in list] [next in list] [prev in thread] [next in thread]