Yeah, I get it. I haven’t been consistent. I am trying. But, I got absolutely railroaded by a horrible, horrible illness. You don’t care and that’s okay, just that’s why I’ve been missing. But I’ve been reading, tweeting, and logging hours and hours in InfoSec training. I’ve also been learning how to play the N64, because I never had gaming consoles growing up. Yeah, so my noob status is for real. Whether it’s N64 playing or learning InfoSec, I’ve only been at it about a year…and not full time. It’s a labor of love. And frustration.
Speaking of labor and frustration, I’ve been really interested in the #unqualifiedfortech conversation that erupted after Equifax’s Security Meltdown. Since scooting myself into the InfoSec world as a writer who wants to learn, it was curious to me about what barriers I might be up against as I immerse myself in this field. It’s well known that techies aren’t very diverse and don’t necessarily treat women that well. I’d really like to have some dialogue with folks about this beyond the hashtag and people who have no educational background in tech to tell me how they got there, especially if they are working in security. Because my gut tells me that if you’re working for a tech company in a non-tech job, like say, public relations, or sales, that’s understandable — even from my neophyte perspective. But, not having a tech background and working in security, or even worse, leading in security, seems like sending a soldier to war without her knowing how to fire her weapon. I’ve had discussions with the circle of hackers who let me tag along and glean information from them like the fifth wheel that I am who are up against some really clueless leaders. They want their own hashtag: #shutthefuckupaboutyourstupidgoddamnmetrics.
I remember when I was working in corporate communications, a lot of the MBA grads would want to come in and apply black and white principles to things that weren’t black and white. I can tell you how many press releases I sent out but knowing exactly a) how many media outlets picked it up for certain, or b) actions taken by the audience based on that press release are harder. I can see the same sort of situation in information security positions. Because as Equifax showed and numerous less public situations, if you’re a leader, you best have a good team around you and let them do their jobs and not stunt their capabilities to do the job you hired them to do: protect your company and information. However, if you think you’re going to apply your web design background and MBA to your security team and make them spend time doing anything but security, you’re creating a vulnerability. And that’s a vulnerability your team may be hard pressed to fix if they are going to keep their job. We all can’t be Myke Cole.
So am I off base here? Am I simplifying things too much? My gut tells me, “No.” Let’s talk. I really want to know from those outside my circle. I want to know. As a writer, as a reporter, first, I’m curious and I think there’s more to the story here.
As in weeks past, feel free to leave a comment here about any of those articles. Let’s learn from one another. Okay, have pity on the noob and let me learn from you.
Have another great week InfoSec geeks. See you next week.