"Even security has become so commercialized and politicized that customers are being forced to go outside normal channels."

The cynical comment is "I wonder why." For one thing, anyone can set himself up as a security professional, because there are no legal or professional prerequisites. For another, a fair number of security "professionals" try to stand out from the pack and advertise themselves by raising the noise level: (1) the more outlandish the statement, the better the sound bite; (2) writing and selling books is a good way to advertise. And then a bunch of organizations that no one had ever heard of spring up out of nowhere, and unilaterally set up certification "standards" - and then the personal choice boils down to: "Do I want to spend my valuable spare time chasing certifications, or learning what I need to do to secure the systems under my care? I have to choose, because I just don't have enough time or energy to do both". I'd say that at this point, the security branch of the IT tree needs some serious pruning.


[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/225/25547#25547