Dailydave mailing list archives

Re: Commission on Cybersecurity for the 44th Presidency and your right to cyber (security)


From: Michal Zalewski <lcamtuf () coredump cx>
Date: Tue, 31 Aug 2010 19:26:25 -0700

Certification is coming, like it or not.  I do not like it,
but it is coming.  The driver is a direct consequence of,
and a direct confirmation that, the demand for security
expertise exceeds the supply which makes the charlatan
fraction rise especially as legal liability looks ever
more likely to be serious.

If you look at the archives of attrition.org, I actually suspect that
the charlatan fraction is about as strong as always, and not
particularly threatening to the legitimate business; and, given that,
as that report sensibly acknowledges, even fairly reputable
certifications do very little to generate highly qualified security
personnel, I doubt any action along these lines would make much of a
difference.

The real problem seems to be that the government has suddenly realized
it needs top-notch IT and infosec expertise; and it can't get much of
it, largely because of the peculiar leadership and management
structures, and other problems that tend to be self-correcting in the
commercial sector (particularly in the civilian arm of the .mil
domain).

This is also fueled by people who see this trend as a good career
opportunity, and further perpetuate the sense of utmost urgency; but I
genuinely think that despite all the high-flying rhetoric, companies
and governments alike have more to fear from bored teenagers than
from enemies of the state; see:

http://lcamtuf.blogspot.com/2010/06/intrusion-detection-doing-it-wrong.html

/mz
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave

