by OJ
3473 days ago
The notion of a national certification plan is being laughed at by anyone who is in the industry for the right reasons. Those involved in the classic commoditised scan-and-bang assessments will love it as it'll continue to keep the cash flow churning. Some have even suggested "cyber conscription" to force people to do government work if they're capable. This, and the recent articles indicating that the government wants people to "volunteer" their time, go to show that they want people for the lowest possible price. The problem in Australia here is no different to overseas: the focus is on useless certifications and compliance, cheap resources, and security theatre. CEH and CISSP are alive and kicking because of this. All of the above is beside the point. Troy made CEH PluralSight content because PluralSight's people wanted it. It's really that simple. The blog post is just marketing for that content.
Yes but the majority of enterprises are not in the industry. These stupid certifications are being pushed by our largest accounting firms (where Arno Brok is connected), and these are influential to business leaders.
> Troy made CEH PluralSight content because PluralSight's people wanted it
I hadn't considered that. Good point.
> the focus is on useless certifications and compliance
It's hard to explain to people in "real" security just how hopeless the current "compliance security" situation really is. Consider this situation. A user goes on holidays for two weeks. Before leaving, they turn off their laptop and lock it in a cupboard.
I've just described a critical incident. I can expect to be writing up incident reports, and reporting to management on "root cause" and how we can avoid this incident recurring. Can anyone in "real security" even see the problem?
Why, after two weeks, their desktop antivirus is out of date.