topic Re: If you are going to be a cybersecurity advisor ... in Industry News

If you are going to be a cybersecurity advisor ...

rslade — Mon, 09 Oct 2023 09:02:15 GMT

... it's possibly best to know at least a little tiny bit about what you are saying.

(Failing that, of course, you could always just shut up ...)

(This post has minimal editorial content in order to avoid making a "controversial political statement.")

(For the original postings, and various short commentary, see here.)

Re: If you are going to be a cybersecurity advisor ...

CISOScott — Mon, 10 Dec 2018 17:37:01 GMT

Yes, attended a security conference once and the poor guy they wrangled into giving a talk knew very little about a "pesky little virus" called Stuxnet. He had no clue about how sophisticated it was and just kept referring it to as a "pesky little virus" with trivial impact to anything. He was speaking to a room full of cyber people who knew much more about it than he did. Over half the room emptied out before the end of his talk and I feel the other half stayed just because they felt pity for the guy.

Please know what you are talking about if you get asked to do a presentation. Or at least have the decency not to try to fool your audience. Some people tried to correct him without looking too much like jerks, but he kept going back to his original premise.

Re: If you are going to be a cybersecurity advisor ...

dcontesti — Tue, 11 Dec 2018 19:21:39 GMT

Problem is that everyone thinks they know something about Security......

Re: If you are going to be a cybersecurity advisor ...

CraginS — Tue, 11 Dec 2018 20:32:08 GMT

@dcontesti wrote:
Problem is that everyone thinks they know something about Security......

Possibly the fault of our own community, because we (collectively) keep pushing security awareness training that includes the slogan, "Security is everyone's job!"

Re: If you are going to be a cybersecurity advisor ...

CISOScott — Wed, 12 Dec 2018 13:55:56 GMT

@dcontesti wrote:
Problem is that everyone thinks they know something about Security......

@dcontesti Reminds me of some good advice I got from one of my former bosses who was a pretty good boss. "Don't be afraid to tell me you don't know. But tell me you don't know, and that you will go research it and then get back to me. AND then get back to me, or the person you told this to."

I see so many people try to BS their way through something instead of just admitting the truth. I will have much more respect for you if you do not try to lie to me.

Re: If you are going to be a cybersecurity advisor ...

dcontesti — Tue, 18 Dec 2018 07:52:48 GMT

@CISOScott very sage advice Scott.

Re: If you are going to be a cybersecurity advisor ...

wwing — Wed, 26 Dec 2018 19:18:39 GMT

Spot on advice there..

I used to teach in the Military (Navy Instructor) and that's the same advice that was given to us.

If you don't know the answer be honest, look it up, and get back to the student.

Sailors (I was one) tend to be the worse students ever, always looking to trip you up, and let you know how much they know.

Re: If you are going to be a cybersecurity advisor ...

dreastans — Mon, 31 Dec 2018 17:19:31 GMT

I see so many people try to BS their way through something instead of just admitting the truth. I will have much more respect for you if you do not try to lie to me.
ds me of some good advice I got from one of my former bosses who was a pretty good boss. "Don't be afraid to tell me you don't know. But tell me you don't know, and that you will go research it and then get back to me. AND then get back to me, or the person you told this to."

But, some people have a need to appear right, even if they aren't right. I find you avoid a lot more arguments with a simple "I don't know, but let me get back to you." You also set better expectations that way.

Re: If you are going to be a cybersecurity advisor ...

Syne07 — Sun, 06 Jan 2019 19:27:13 GMT

This is a popular field with a strong need for additional resources.

I appreciate and understand the issue, however, perhaps the solutions is to help educate these resources and make them more effective.

Re: If you are going to be a cybersecurity advisor ...

Curiousmind18 — Sun, 06 Jan 2019 14:18:25 GMT

This was hilarious!!! But the problem is that people whom don't understand, don't hire people that do, I mean case in point heating with Google CEO ...it's saf

Re: If you are going to be a cybersecurity advisor ...

HTCPCP-TEA — Mon, 07 Jan 2019 10:26:00 GMT

Very sound advice from @CISOScott

I often find the best way to validate my own knowledge is when I attempt to teach or indeed participate in discussions/consultations. I also find that the knowledge I lack or things I have forgotten often get pointed out by those being taught or indeed those I have conversations with.

It's always best to be honest, say that you can't recall or indeed do not know, research the topic (or refresh on it) and go back to the person who was kind enough to point out your shortcomings.

But going back to the original post, I would agree with @rslade. If you don't know what you are preaching about, don't preach. It will only lead to some sort of issue, either for you or the intended recipient.

Re: If you are going to be a cybersecurity advisor ...

rslade — Mon, 07 Jan 2019 19:48:52 GMT

> Curiousmind18 (Newcomer II) posted a new reply in Industry News on 01-06-2019

> But the problem is that people whom don't understand,
> don't hire people that do

If you can tell the difference between good advice and bad advice, you don't need
any advice ...

====================== (quote inserted randomly by Pegasus Mailer)
rslade@vcn.bc.ca slade@victoria.tc.ca rslade@computercrime.org
In short, just as the Multics mentality of careful access
controls shows up throughout Unix, the cretinous CP/M mentality
of uncontrolled havoc shows up in DOS and all its mutant children
- Tom Christiansen
victoria.tc.ca/techrev/rms.htm http://twitter.com/rslade
http://blogs.securiteam.com/index.php/archives/author/p1/
https://is.gd/RotlWB