Here's a question for you:
What is at the root of all information security industry problems?
Oh shit! Talk about an ambiguous question. Yes, but who said ambiguous questions are bad?
Alright, let's break this down then.
First, the question assumes there are "problems". Are there? We think so, but...
- ~942,000 people in the U.S. are gainfully employed in this industry, and most of us are getting paid pretty well. Good paying jobs doesn't seem like a problem to me.
- Worldwide, the cybersecurity market is valued at $173B. Seems the people selling shit are doing alright, no problem here.
- Global "cybercrime" losses for 2020 were estimated to be $945B. The crooks DEFINITELY aren't experiencing any problems either!
So, where are the problems then?
Simple, look for the people who suffer, the victims.
They're the ones who get the short end of the stick. They feel the brunt (or symptoms) of the problems. They lose money, they lose businesses, they lose income, they lose peace of mind, they lose time, they lose productivity, they lose their privacy, they lose their innocence (especially kids), and they lose life.
So, yeah. There are problems!
One group clearly takes advantage of the other. We'll call them "Profiteers" and "Victims". There's one more group. There's a group of us who are trying to protect Victims from the Profiteers. We stand in the void.
- Profiteers: Cybersecurity practitioners who don't serve (potential) victims, companies hocking products that don't serve the (potential) victims, and the crooks who steal outright.
- Us: Practitioners who stand in between, serving (potential) victims.
- Victims: Governments, companies, non-profits, schools, everyday people (grandparents, parents, kids, etc.)
OK, so we've got problems. The masses become victims and feel the result(s) of the problems, the symptoms. Oh shit! The rabbit hole goes deeper.
We'll stop here, before things get too out of hand.
We need to save some shit for the Shit Show. Chris, Ryan, and I will take it from here. Maybe we'll get far enough down the rabbit hole, and deep enough into the shit to find some semblance of the "root of all information security industry problems".
Regardless of how far we make it, it should be entertaining!