• darth_helmet
    1 year ago

    Cybersecurity, as a profession, is a fool’s errand.

    Dedicated security staff exist solely to teach real engineers how to do their job, and the fact that such personnel exist is a catastrophic failure in the computer science curriculum.

    • Fizz@lemmy.nz
      1 year ago

      It often seems cyber sec staff write reports on what should be done with no understanding of why, and this leads to them fretting over things that are not actual vulnerabilities.

      • darth_helmet
        1 year ago

        200 vulnerabilities, 2-3 that might actually be exploitable, and no prioritization. But look at these metrics!

    • devious@lemmy.world
      1 year ago

      I don’t know if I am right, but I am of the opinion that Cybersecurity should be considered a mastery branch on top of basic engineering skills. But it feels like there are so many Cybersecurity experts who do not understand enough about the underlying engineering concepts to be effective in their role.

      • Scrubbles@poptalk.scrubbles.tech
        1 year ago

        That’s the real problem. Cyber security experts know the bare minimum about coding, and coders can tell. Their knowledge only goes skin deep when you ask them to clarify an exploit, or to give a workaround. So coders usually tend to brush them off.

        It should be a collaborative effort, security and coding, where security can fully understand what is being built and offer potential secure workarounds.