Many Community members probably think Grandpa Rob @rslade spends all his time mining the InterWebs for strange tidbits to throw into our Community Fora to seed new threads. Some members understand he also collects book reviews on security topics, by writing them himself. Only a handful here probably know Rob also writes the Cryptic Curmudgeon column for the ISSA Journal. I bring this up, because in the April 2019 issue of that journal our local curmudgeon has done an exquisite job of explaining (with documented evidence)why he REALLY doesn't like Facebook. Actually, Rob gives good reasons that you shouldn't like Facebook, either.
Personally, I for many years have intensely not liked FB, and for the same reasons as Grandpa Rob listed.
So, I encourage everyone here to read the column, Why I *Really* Don't Like Facebook on page 7 of Volume 17, Issue 4 of the ISSA Journal.
In that same issue, ISSA President Candy Alexander expressed concern (p. 3) that so many active and involved cybersecurity professionals are not aware of ISSA. If you fall into that category, please check out the ISSA.org web site, and seek out a local chapter if available. Importantly, (ISC)2 would not even exist, were it not for ISSA as one of the founding members of the Consortium, and a leading agent in the creation of the CISSP by the Consortium. Newer members may not realize that (ISC)2 was originally a consortium of professional and educational organizations, not a membership organization of individuals, as it is today.
Join, Read, & Enjoy.
Anyway, many thanks, @CraginS , for those kind words :-)
Great points about Facebook! I went through the process to have myself and account expunged, not just deleted. In the case of LinkedIn I am not nor have I ever been a member, yet people are being referred to me anyway. The problem is that our democratic governments have been ridiculously slow in embracing the good governance needed to regulate the tech sector properly. We have very strict governance on the pharmaceutical industry, aviation industry, automotive industry, civil engineering, and just about everything else. This Guardian article does a good job of explaining how we need just the right amount of governance to actually make these platforms safe, refer to https://www.theguardian.com/business/2019/apr/29/big-tech-regulation-facebook-google-amazon
I would like to use these services, but only after the US enacts something like the GDPR. To Micorsoft's credit, they have embraced the GDPR without equivocation. Refer to https://blogs.microsoft.com/on-the-issues/2018/05/21/microsofts-commitment-to-gdpr-privacy-and-putti...
When I called my congressman's office, they were very honest in explaining that we probably will not get something like the GDPR any time soon here in America. In my opinion the politicians in America are woefully uneducated in information technology issues in most cases. Many of them are urgent about global warming and the green deal and I agree that is an issue. However, instead of going after the enormous energy consumption of Bitcoin and other cyrpto currencies, that consume an entire nation's worth of electricity just for one enterprise, they attack cows. Refer to these links on the enormous energy consumption of crypto currencies https://digiconomist.net/bitcoin-energy-consumption and https://www.forbes.com/sites/shermanlee/2018/04/19/bitcoins-energy-consumption-can-power-an-entire-c...
just look at certifications in our industry. The DoD is one of the few departments in the US that mandate that people working IT be certified, many departments and agencies still do not mandate solid credentials for those working in or regulating the industry. Why? Many governments mandate that hair stylist be certified but require nothing of IT professionals, how does that make any senses?
"Many governments mandate that hair stylist be certified but require nothing of IT professionals, how does that make any senses?"
Professional credentialing (licenses, certifications, degrees, certificates, etc.) mandates by governments (in laws or regulations) are almost always justified to the public as being necessary to ensure competence of practitioners and safety of the public. However, if you take time to look under the hood at the processes that led to those mandates, it is not uncommon to see that a major purpose is to limit access to the profession. The goal of those already working there is to control how many new competitors appear. The current practitioners want to be sure they don't lose business, and money, to a flood of new participants in the marketplace.
Granted, there are those who legitimately and altruistically work to ensure standards to meet public safety needs. That is, I have inferred, what the original (ISC)2 members were trying to do.
Undertakers, hair dressers, barbers, florists, interior designers, school teachers, lawyers, physicians, chiropractors, private investigators, and many other professions have, over the years, formed strong, vocal "professional" associations that have proceeded to lobby, push, and donate to state legislators to establish these credentialing requirements in law. I have yet to see any IT-related organization make any attempt at all to do the same.
Even in the UK, government certifications for security in the public sector don't appear to take hold, but this is at least in part the number of possible certifications IT and security staff may hold. The last effort was CCP (CESG Certified Professional), but for people who hold ISACA, ISC2 and ISO certifications, in addition to vendor certifcations, it's not that attractive to be required to have yet another qualification that largely overlaps these.
One of the benefits when the US government started mandating that the IT workforce meet a minimum level of cyber security is that it forced some people into continuous learning. It also forced some people who had gotten into IT for the "money" to start thinking about other careers. I took it as a good thing because you don't really want people in a profession who aren't into learning new threats to that profession.
That is a very accurate statement. People who are only in information technology, especially cybersecurity, for the money do not belong in cybersecurity ,or in the fast paced technology fields, because these careers require continual work and self study that is often not recognized by executives as as a real challenge. Only those who view life long learning as a labor of love can survive since it is a lifelong challenge to stay current.