I left security a few years ago because I saw the industry turning to shit. It's gotten worse since then, IMO.
What I see as the contributors to this, in no particular order:
- Computer security is growing much, much faster than software in general. This has attracted a lot of snake-oil salespeople, bullshit artists, and gold-rush types.
- The genuine security talent pool is very small, and not growing nearly fast enough to meet the genuine need. A lot of organizations end up staffing their security teams with incompetents because their only other option is not hiring anyone at all.
- Security education, training, and mindsets all seem stuck in the '00s. People who make the effort to learn about security end up learning a bunch of stuff that's simply not applicable to modern software, and they miss a bunch of stuff that turns out to be really important.
I can go on.