supermatou | 6 months ago

Must read

https://phrack.org/issues/72/19#article

jpfromlondon|6 months ago

I can't help but see security professionals as fakers; they seem to mostly be box-tickers rather than the professionally curious. In school and college I was up to no good with tech, but now, when my employer is recruiting to establish an in-house cyber team, I know I'm not what they're looking for and never was.

I exclude the RE guys who are undoubtedly extraordinary.

awithrow|6 months ago

I think, like most things, there is a power law distribution when it comes to these sorts of roles. I've worked with a few really good security teams in my career. The good ones work with the teams, possibly embedded on improving security. The better ones also write tools and libraries for service teams to consume. The best ones act like internal white hats, constantly probe and assess, and submit patches as well.

Sadly the vast majority of sec teams are not this and exist solely to run some tool that spits out a list of dubious vulns and then dump said list as a pile of tickets into the dev backlog.

One place I worked, the CISO even came up with some slogan for the info-sec along the lines of "observe and report" after I kept trying to show the info-sec how to run, build, test, and patch our various packages and tools their scanners would complain about.

supernetworks|6 months ago

This is not unlike the surprise in underground.txt when mendax & co discover that curiosity is not the only state of existence for being a hacker. https://www.gutenberg.org/cache/epub/4686/pg4686.txt

"Riffling through other files, Mendax found mail confirming that the attack had indeed come from inside MILNET. His eyes grew wide as he read on. US military hackers had broken into MILNET systems, using them for target practice, and no-one had bothered to tell the system admin at the target site.

Mendax couldn't believe it. The US military was hacking its own computers. This discovery led to another, more disturbing, thought. If the US military was hacking its own computers for practice, what was it doing to other countries' computers?"

firefax|6 months ago

>This is not unlike the surprise in underground.txt

I thought that was originally a book?

I distinctly remember reading it during an in-school suspension in the 2000s.

I tried to go back to my township library and read it again years later, but someone had stolen it around the time that Wikileaks truthfully revealed that the DNC had kneecapped Bernie in the primaries.

(Many folks don't seem to distinguish between the public airing of unpleasant truths that could not be aired without their own actions, and "disinformation" in the "covid is a hoax" vein. To them, anything contrary to their narrative is evil and bad, and if only those dastardly Russians would stop making them look bad by making them send several illegal emails they could stop voting like Republicans.)

guitmz|6 months ago

Thank you. Glad you liked it!

shiftlessunity|6 months ago

Does anyone know of an RSS feed for new phrack publications?