There is a very interesting novel called ‘Sophie’s Choice’. Without giving too much away, the core fact of the book is a choice a Polish mother had to make in the concetration camps during World War 2 and the impact it had. It is a powerful book and the core issue has been identified with so much that it has become an idiom. To quote wikipedia: A “Sophie’s Choice” is a tragic choice between two unbearable options.
So what has this to do with information security you ask? Well recently I was reading an article which put forward that Senior information security staff are not technical staff but sales staff. They need to be able to sell the various intiatives in the best possible way. Now I actually do agree with this, but I do have a problem (or I would not be writing this obviously), and it is this: The predominant way this is put forward to information security people is that if you want to get ahead and effect real change and earn ‘big-boy’ money, you have to become one of these Senior IS staff. And thus you need to give up the technical skills and become a sales person.
This to me is a “Sophie’s Choice”. You can stay technical doing what got you into the field in the first place BUT you never earn greatly and you are limited in effecting business. OR you can give it up, and become a sales person.
My thoughts on IS folk with no skills is well documented in previous posts, and I know this is not the case at all companies, but it is the general rule with a few exceptions. And it is due to this that I lay the fact that we are losing the war on cybercrime. Businesses expect and reward political games, ass-kissing and spin-doctoring. Whereas the bad guys want technical people to do what they do best so they can make money, and they pay them for it.I believe this is why the bad guys are out-doing us across the board.
Yes this may be a whine, but surely our choices are not limited to sales or technical?