Information Security News mailing list archives

About the infosec skills shortage


From: InfoSec News <alerts () infosecnews org>
Date: Tue, 27 Jan 2015 09:23:46 +0000 (UTC)

http://3vildata.tumblr.com/post/109188919632/about-the-infosec-skills-shortage

By https://twitter.com/addelindh and
https://twitter.com/0xtero
http://3vildata.tumblr.com/
Jan 26th, 2015

Today I got into an argument on Twitter that started with me saying something sarcastic in reference to a recent statement by a vendor and ended with a discussion about the skills shortage in security. Twitter can be a difficult medium sometimes and I don’t really feel that I got my point across, so this is my attempt to correct that.

Before I start I would like to point out that in no way do I think that this is the only reason there is a skills shortage in security, but that I do consider it a large contributing factor.


In the beginning, there was firewalls

Enterprise investment in security has traditionally been in products such as firewalls, anti-virus, IPS/IDS, and so on. Security products have in turn been marketed and sold as “solutions” rather than tools; heavily automated and not really much to work with. Because of this, they have been considered infrastructure components rather than applications: you just install and configure them and then let them do their magic.


Automation is great, until it isn’t

The thing about buying automated solutions is that it removes the incentive to invest in knowledge of the problem the solution was supposed to solve. Why pay money so that someone can learn how to solve a problem that has already been solved, right? For an enterprise, this makes perfect sense, and for a while it worked.

[...]
