A New Hope

• 03 June 2024
• cranky,
• community

It's not really that uncommon for me to get feedback on my writing that goes like "Shit, dude. It's all doom and gloom and depression and negativity with you!" I understand the sentiment, but I'd also recommend taking a look and really parsing the name of this blog. Does it say "Happy Sec?" No. Does it say "Hopeful and Optimistic Sec?" No. Do I look like this?

Reader, I do not. But I won't let that stop me from running my fucking mouth anyway, because I get the feeling that a wee dram of hope is needed right now. A morsel of optimism. A bushel of positivity, even. All is not lost, so let's get that hot take out of the oven.

This industry is all kinds of fucked up. One of the main reasons for that is the fact that this whole profession kinda came out of nowhere. We don't have a body of knowledge that goes back thousands of years. We don't have established institutions to create and enforce a code of professional conduct that practitioners must follow. We don't have professional associations that can perform any significant accreditation of prospective members. We don't have anyone whose sole job is to bat for us. And that fucking sucks.

It sucks right now. Those are clearly growing pains, and one of my objectives here is to make it hurt a lot so we can get over it quickly, and move on. Call me an "accelerant." Or a wannabe one. Many of you don't know this, but some of us are legit trying to work something out that would at least function as an attempt to solve the aforementioned clusterfuck. The previous sentence contains a lot of weasel words, true. That's because we don't know what we're doing, we don't know how to do it, and we don't know if we are ever going to succeed. So, weasel words instead of big promises we don't know we can keep.

It sucks right now, but it doesn't have to suck forever. I bitch and moan a bunch here because it sucks right now. And I'm here right now. Making things better for the next generations is a very noble thing to do, and we're really trying, but I would also like to enjoy the fruits of a successful movement. Also, the fight for a better future cannot be fought in the future. It needs to start 15 years ago.

Right now, cybersecurity is the wild west. And, as we all know, the wild west style of business management is not sustainable. Folks are going to realize that the current model doesn't work. They are already realizing that. People who thought they would get 200k/year just by getting a CISSP are going to bail when it becomes clear that it's not that easy. It's already happening. The number of 10-ply CISOs will dwindle when everyone realizes they're all full of shit. It will be harder to fake your way through this industry, and they fucking know it. How do I know that they know? Just look at how many of those fucks are vehemently against any kind of accountability. It doesn't even need to be from governments. Anyone. If you start looking a little bit closer, you'll see that they are hucksters. So, don't look!

Companies selling miraculous tools that will solve every single one of your problems will also need to take it down a notch or two. Competent cybersecurity leaders who will replace the current cohort are likely to be a lot savvier and will see through the bullshit in 4 seconds flat. And the boardrooms of the world will be a lot more diligent after a few decades of flushing money down the toilet. Maybe they'll flush money down the toilet on other things, but they will become smarter about what works in cybersecurity and what doesn't.

The field is young. We're learning. We're making it up as we go, and we still have a looooong way to go. Every important field in this history of mankind has gone through this. Blockchain, AI, and shit like that are just our field's lobotomy and asbestos. We'll look back with our 20/20 hindsight and think: "How the fuck did we even get through this without the world collapsing? What were we thinking???"

So, yeah. It's going to take some time. It's going to require some elbow grease. It's going to suck even harder before it gets better, I think. But, think about the alternative. Let's go, then. Come on over because right now...

• Previous: La vie en ROSI
• Next: This is a call