John StrandJan 14, 2023

I wanted to take a few moments and apologize to many of my former students.

In the past I said the industry needs people who look at security as a vocation and an avocation.

I was wrong.

Have a life outside of this industry.

Have hobbies that have nothing to do with your computer.

Get outside.

The problems of the industry are not problems of people not working hard enough.

They are not problems of people not being "hard core" enough.

They are problems of education and resource prioritization.

I was wrong.

I am sorry.

Stop breaking yourself on rocks for people who don't really care if you break yourself on rocks.

Show threadDominic
@strandjs what changed your mind about this?
Jan 15, 2023 at 9:57amWeb
Show threadJohn StrandJan 15, 2023

@barometz

Tech debt.

FAA, Southwest, <Insert breach of the day here>, lots of pen tests...

So many of the issues we face today are because the people in charge look at IT, security (and many other things) as cost centers that need to be minimized.

And to be honest, that is their job.

But, I get tired seeing and hearing about IT systems from the 2000's and even the late 90's running critical infrastructure. This also is represented in less severe ways in security. No budget for proper testing. Getting the product out the door is all that matters. Not investing in the education of their people. The list goes on.....

The point is this. The industry is spreading. We are not all progressing at the same rate. There will be first world IT, third world IT and developing IT infrastructures.

Your goal as an IT pro, a human and infosec pro should be two fold. First, be the best you can be at your job within the 8ish hours that your employer buys your time. Second, find a good company that believes in the importance of their IT infrastructure and security teams and invests accordingly.

Find a good home.

Stay there.