Overrated/Underrated with J4VV4D

I really like working in Information Security (or Cyber Security if you prefer). It is a fascinating and challenging profession. But I also enjoy the world of economics and am a big fan of NPR Planet Money. Their podcasts are a refreshing change to my usual security podcast rotation. One of my favourite segments is ‘Overrated/Underrated’ where they ask economic experts to share their opinion on whether an item is overrated or underrated by the society/profession, relative to how s/he believes it should be rated*. I always find it great to hear the views of the questioned experts; sometimes they are controversial, sometimes in line with my own views, sometimes flippant or funny, but always thought inspiring.

I thought: hey, in a profession with such strong views as in InfoSec, this should be good. Why not ask some people who know information security inside out and see what they have to say? Fortunately, infosec cynic and superhero Javvad Malik agreed and was kind enough to share his views on three items.

‘A seat at the table’

OVERRATED! About 5-10 years ago we heard the constant banging about how security needs a seat at the table. How else would the world survive without a voice at the table? But we’ve now seen many voices getting to the table and it’s changed little. What many have failed to understand is that a seat at the table doesn’t guarantee influence; in fact, it can backfire if you’re under-prepared.

CISSP

I’d say it’s neither overrated nor underrated (can I do that?). It is probably the most misused and misunderstood. Gets more hate from people than it probably deserves, but at the same time pushed by HR departments / hiring managers far more than it deserves.

Phishing Exercises

Underrated… with the caveat that they need to be done right. It’s easy to do a phishing exercise to say, ‘Ha gotcha!’ – which doesn’t help anyone. It needs to be an educational exercise through which the user learns and, coupled with some good training, changes their behaviour.

Well, there you have it. Do you think Javvad is spot on or way off? Share your comments or write your own post. The important bit is that we, as a profession, keep an open mind and continue with constructive discourse.

Oh, and check out Javvad’s website at https://javvadmalik.com/

* They borrowed the idea themselves from Tyler Cowen’s podcast


This blog post originally appeared on LinkedIn