1st way.... if somebody calls themselves an expert.

Confirm with me, Caute, but I think the link has been taken down.

Interesting story how the CIO went to the author and said he felt they had been "sold" a faulty bill of goods in the CISO who wasn't up to snuff. Arguably, the issue here isn't the "fake" CISO, it's the fake CIO (and CEO). How far back did they put their company because they hired a C-suite position that they didn't know how to evaluate?

You have to have good organizational governance to have the accountability that goes with security. You can't just hire a CISO, give him or her an assistant, and say "here, security is your thing." You're talking about policies and procedures that must be promulgated through every business unit. And those units must be accountable to senior management (i.e., the CEO), who is then accountable to the board. Instead, the corporate mentality has been to just plug in a CISO at the top of the org chart - "Acme, Inc., now with CISO!" In the end, if you don't have a good governance model, you end up bloating your most expensive level of an organization, and you take resources from the lower levels. You end up with corporate constipation because the C-suite turns into one big blockage.

The link is good to me.

Honestly there are many fake "experts".

I have attended many conferences or event as a presenter and/or panelist.

During panel discussions, I often found the discussions with some panelists are really shadow, sometimes non related to the topic or they actually has 0 experience on the panel topic.

I respect different opinion but you know the different between a valid viewpoint/perspective and a BS.

And more and more, I decided to ask the organizer that who are invited the same panel discussion before I commit myself or I will avoid panelist discussion with those so call security (or cybersecurity) experts and I don't claim any experts myself.

And I don't know this is good or bad, I stop wasting my time on those conferences and spend less time on those.