CraginS
Defender I

A Curmudgeon Explains Facebook Attitude

Many Community members probably think Grandpa Rob @rslade spends all his time mining the InterWebs for strange tidbits to throw into our Community Fora to seed new threads. Some members understand he also collects book reviews on security topics, by writing them himself. Only a handful here probably know Rob also writes the Cryptic Curmudgeon column for the ISSA Journal. I bring this up, because in the April 2019 issue of that journal our local curmudgeon has done an exquisite job of explaining (with documented evidence) why he REALLY doesn't like Facebook. Actually, Rob gives good reasons that you shouldn't like Facebook, either.

 

Personally, I for many years have intensely not liked FB, and for the same reasons as Grandpa Rob listed.

 

So, I encourage everyone here to read the column, Why I *Really* Don't Like Facebook on page 7 of Volume 17, Issue 4 of the ISSA Journal.

 

In that same issue, ISSA President Candy Alexander expressed concern (p. 3) that so many active and involved cybersecurity professionals are not aware of ISSA. If you fall into that category, please check out the ISSA.org web site, and seek out a local chapter if available. Importantly, (ISC)2 would not even exist, were it not for ISSA as one of the founding members of the Consortium, and a leading agent in the creation of the CISSP by the Consortium. Newer members may not realize that (ISC)2 was originally a consortium of professional and educational organizations, not a membership organization of individuals, as it is today.

 

Join, Read, & Enjoy.

 

 

 

 

D. Cragin Shelton, DSc
Dr.Cragin@iCloud.com
My Blog
My LinkedIn Profile
My Community Posts
9 Replies
rslade
Influencer II

> CraginS (Advocate I) mentioned me in a post ...

> Many Community members probably think Grandpa Rob @rslade spends all his time
> mining the InterWebs for strange tidbits to throw into our Community Fora to
> seed new threads.

However, *most* "community" members probably don't give @rslade a second
thought ...

> Some members understand he also collects book reviews on
> security topics, by writing them himself.

Well, what other way is there?

====================== (quote inserted randomly by Pegasus Mailer)
rslade@vcn.bc.ca slade@victoria.tc.ca rslade@computercrime.org
AAAAAA - American Association Against Acronym Abuse Anonymous
victoria.tc.ca/techrev/rms.htm http://twitter.com/rslade
http://blogs.securiteam.com/index.php/archives/author/p1/
https://is.gd/RotlWB

............

Other posts: https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468
rslade
Influencer II

Anyway, many thanks, @CraginS , for those kind words  🙂


Frank_Mayer
Contributor I

Great points about Facebook!  I went through the process to have myself and account expunged, not just deleted.  In the case of LinkedIn I am not nor have I ever been a member, yet people are being referred to me anyway.   The problem is that our democratic governments have been ridiculously slow in embracing the good governance needed to regulate the tech sector properly.  We have very strict governance on the pharmaceutical industry, aviation industry, automotive industry, civil engineering, and just about everything else.  This Guardian article does a good job of explaining how we need just the right amount of governance to actually make these platforms safe, refer to https://www.theguardian.com/business/2019/apr/29/big-tech-regulation-facebook-google-amazon 

 

I would like to use these services, but only after the US enacts something like the GDPR. To Microsoft's credit, they have embraced the GDPR without equivocation. Refer to https://blogs.microsoft.com/on-the-issues/2018/05/21/microsofts-commitment-to-gdpr-privacy-and-putti...

 

When I called my congressman's office, they were very honest in explaining that we probably will not get something like the GDPR any time soon here in America. In my opinion the politicians in America are woefully uneducated in information technology issues in most cases. Many of them are urgent about global warming and the green deal and I agree that is an issue. However, instead of going after the enormous energy consumption of Bitcoin and other crypto currencies, that consume an entire nation's worth of electricity just for one enterprise, they attack cows. Refer to these links on the enormous energy consumption of crypto currencies https://digiconomist.net/bitcoin-energy-consumption and https://www.forbes.com/sites/shermanlee/2018/04/19/bitcoins-energy-consumption-can-power-an-entire-c...

 

Just look at certifications in our industry. The DoD is one of the few departments in the US that mandate that people working IT be certified; many departments and agencies still do not mandate solid credentials for those working in or regulating the industry. Why? Many governments mandate that hair stylists be certified but require nothing of IT professionals, how does that make any sense?

 

 

Respectfully,

Francis (Frank) Mayer, CISSP EMERITUS
CraginS
Defender I

@Frank_Mayer asked,

"Many governments mandate that hair stylists be certified but require nothing of IT professionals, how does that make any sense?"

 

Professional credentialing (licenses, certifications, degrees, certificates, etc.) mandates by governments (in laws or regulations) are almost always justified to the public as being necessary to ensure competence of practitioners and safety of the public. However, if you take time to look under the hood at the processes that led to those mandates, it is not uncommon to see that a major purpose is to limit access to the profession. The goal of those already working there is to control how many new competitors appear. The current practitioners want to be sure they don't lose business, and money, to a flood of new participants in the marketplace.

 

Granted, there are those who legitimately and altruistically work to ensure standards to meet public safety needs. That is, I have inferred, what the original (ISC)2 members were trying to do.

 

Undertakers, hair dressers, barbers, florists, interior designers, school teachers, lawyers, physicians, chiropractors, private investigators, and many other professions have, over the years, formed strong, vocal "professional" associations that have proceeded to lobby, push, and donate to state legislators to establish these credentialing requirements in law. I have yet to see any IT-related organization make any attempt at all to do the same.

 

 

D. Cragin Shelton, DSc
Dr.Cragin@iCloud.com
My Blog
My LinkedIn Profile
My Community Posts
Frank_Mayer
Contributor I

True, many credentials are looked at as being protectionism, however, I
am very glad that professional associations have forced competency in
all the professions mentioned, funeral directors, hair dressers,
lawyers, doctors, and the like.

Plain common sense should tell us that the limiting of people offering
the service to those who prove in some relevant and objective manner
they have a clue about what they are doing is critical for the public good.

It cannot just be buyer beware and go figure it out on your own because
we live in a highly transient society and we do not have the luxury of
getting to know who is good and who is bad by letting the market
organically take care of it.  The 1700s are well past and that does not
work.  People who like to cut corners and do whatever it takes to make a
buck, even at the expense of life, are everywhere and will do massive
damage unless their activities are nipped in the bud.

I don't want a person cutting my hair who is going to butcher my hair,
or someone burying a relative of mine who is going to care for the body
improperly, I don't want an unqualified lawyer or doctor either.   The
US education system needs to be refocused on having education and
credentialing as an integrated program in all  professional areas.

I strongly feel that in today's highly technical world that there are
very few jobs that are able to be done by people who are not highly
educated, trained and skilled through concurrent apprenticeship. 

Catastrophes have happened when unqualified people do work.  I have seen
unskilled workers do real damage to homes.  For example, I had a truly
certified duct cleaning company do work for me recently and it was good
and right, when I had uncertified people do the work in the bad old days
it was a disaster and they even left junk in the vents that made things
worse.   Again, if our academic institutions are forced to prepare
people for jobs and forced to come into the highly technical world of
the 21st century we will be the better for it. 

If you go to this link you can see how formal medical education and
licensing is relatively new but we consider it indispensable today. 
http://bulletin.facs.org/2013/07/100-years-of-surgical-education/ No one
would allow themselves to be operated on by an uneducated doctor
that is not board certified, but just 100 years ago, there were no real
qualifications for doctors and the society accepted unnecessary medical
malpractice as just a fact of life.  We will not stand for this now. 

Therefore, progress demands continually rising standards and rigorous
enforcement.  The Wild West needs to be consigned to history, not made a
blueprint for the future.

You know very well that if we have cybersecurity malpractice today it
could result in a catastrophic failure in operational technology where
real physical damage and loss of life on a massive scale could easily
take place. Triton is a prime example.

https://www.technologyreview.com/s/613054/cybersecurity-critical-infrastructure-triton-malware/

What does our US Congress do?  They steer clear of it and do not do
their job, refer to:
https://www.csoonline.com/article/3365239/congress-steers-clear-of-industrial-control-systems-cybers...

All the benefits of modern life and the wonderful and life saving
technology, including the ability to have a fantastic infrastructure
that puts power and knowledge at our fingertips, comes with the high
price of everyone being asked to go to a much higher level and not to
just do what they feel like doing.  It was not even 40 years ago, when I
graduated college, that having a BS degree put you in the top 10% of
educated people in the country, today a BS degree is expected and if you
do not have that or you are not licensed in a trade, then you are really
struggling. This link shows the historical trends and outlines the fact
of how critical advanced education is to the health of the economy
https://ourworldindata.org/global-rise-of-education

I am for transformational change in the way we do business world wide so
that we come  into the 21st Century and prepare for the 22nd Century. 
If we do not do that in the US, the Chinese and other forward looking
countries will and we, the US, will be left in the dust bin of history.

--
Frank Mayer, CISSP

Profile at profile:
https://community.isc2.org/t5/user/viewprofilepage/user-id/1334307903

"Educate your children to self-control, to the habit of holding passion
and prejudice and evil tendencies subject to an upright and reasoning
will, and you have done much to abolish misery from their future and
crimes from society." Benjamin Franklin
Respectfully,

Francis (Frank) Mayer, CISSP EMERITUS
Steve-Wilme
Advocate II

Even in the UK, government certifications for security in the public sector don't appear to take hold, but this is at least in part the number of possible certifications IT and security staff may hold.  The last effort was CCP (CESG Certified Professional), but for people who hold ISACA, ISC2 and ISO certifications, in addition to vendor certifications, it's not that attractive to be required to have yet another qualification that largely overlaps these.

-----------------------------------------------------------
Steve Wilme CISSP-ISSAP, ISSMP MCIIS
CISOScott
Community Champion

One of the benefits when the US government started mandating that the IT workforce meet a minimum level of cyber security is that it forced some people into continuous learning. It also forced some people who had gotten into IT for the "money" to start thinking about other careers. I took it as a good thing because you don't really want people in a profession who aren't into learning new threats to that profession.

Frank_Mayer
Contributor I

That is a very accurate statement.  People who are only in information technology, especially cybersecurity, for the money do not belong in cybersecurity, or in the fast paced technology fields, because these careers require continual work and self study that is often not recognized by executives as a real challenge.  Only those who view life long learning as a labor of love can survive since it is a lifelong challenge to stay current.

Respectfully,

Francis (Frank) Mayer, CISSP EMERITUS
rslade
Influencer II

> Frank_Mayer (Newcomer I) posted a new reply in Industry News on 05-19-2019 06:25

>    The problem is
> that our democratic governments have been ridiculously slow in embracing the
> good governance needed to regulate the tech sector properly.

Be careful what you wish for. More than three decades ago (good grief! am I ever
*ancient*!) I recall various governments trying to pass laws to make computer
viruses illegal. (Mostly under Civil Law legal systems.) They signally failed, and
sometimes spectacularly so.

>  We have very
> strict governance on the pharmaceutical industry, aviation industry, automotive
> industry, civil engineering, and just about everything else.

Thing is, we *know* about those things, and those regulations were put in place
over a long period of time. (It wasn't so long ago that seat belts weren't
mandatory in cars. Or aircraft ...) *We* don't know as much about infosec, and
*we* are the professionals ...

>  This Guardian
> article does a good job of explaining how we need just the right amount of
> governance to actually make these platforms safe

Yeah, it's that "just the right amount" that's the tricky part ...

>   In
> my opinion the politicians in America are woefully uneducated in information
> technology issues in most cases.

Unfortunately true.

>  Many of them are urgent about global warming
> and the green deal and I agree that is an issue.

And they can't even agree on what to do about *that* ...

>   Many governments mandate that hair stylists be certified but
> require nothing of IT professionals, how does that make any sense?

As I note in many situations, if you can tell the difference between good advice
and bad advice you don't need any advice ...

====================== (quote inserted randomly by Pegasus Mailer)
rslade@vcn.bc.ca slade@victoria.tc.ca rslade@computercrime.org
If a man is called to be a streetsweeper,
he should sweep streets even as Michelangelo painted,
or Beethoven composed music, or Shakespeare wrote poetry.
He should sweep streets so well that all the hosts of
heaven and earth will pause to say,
here lived a great streetsweeper
who did his job well. - Martin Luther King Jr.
victoria.tc.ca/techrev/rms.htm http://twitter.com/rslade
http://blogs.securiteam.com/index.php/archives/author/p1/
https://is.gd/RotlWB
