This is a day where I’m LinkedIn-discovering a lot of people who are claiming to be cyber experts who’ve never held any role other than government policy or investment.

It vexes me when I’m brought in to mop up a situation created by people who’ve never touched a keyboard and yet somehow have been appointed to roles running government cyber policy development. I am greatly vexed.

Ask civil engineers who have built a bridge before making transportation budget policy. Ask doctors who have called a time of death before making medical policy. Ask survivors of abuse before making victim protection policy.

For heaven’s sake, ask a person who’s hacked a system before making cyber policy intended to fight cyber crime.

@Tarah While I see plenty of infosec people here like yourself who seem extremely knowledgeable, in my own work I've generally found that people assigned as "IT security" I've interacted with seemed to have pretty limited actual knowledge of system administration, cryptography, etc. Some can talk a good game until you get to specifics. Others can't even do that much. It is vexing and confusing.

Where I've seen this, my perception is that this is because the role is treated more as a paperwork exercise, writing security plans, documenting audits, and deviations from controls, etc., so it tends to select for people with a high tolerance for rote paperwork rather than technical knowledge. Of course, that's conjecture based on very limited evidence.

Granted, these people were not being billed as "cyber experts," so it might be a different kettle of fish.
