Reading this article brought me back to something that I've struggled with through many Jedi battles. Remember that the Jedi not only fought with the bad guys, but fought with the Senate as well...
It is obvious that the field of security is heating up faster than the rest of the global economy. The problem that I see is still one of economics and understanding. Security, as a discipline, doesn't make money. So when hard economic times lead to even harder spending choices, among the first to get cut are those folks that don't bring in money. Namely, those (sometimes) quiet folks that talk about technical things that hardly anyone understands, and while they sound like they are doing something useful, few could really explain what that stuff is. I'm sure we could do without one or two of them, right? The end result is that we have too few Jedi trying to fight too many bad guys.
Having too few security people is certainly an issue, but the broader issue is a general lack of understanding about the nature of the cyber-warfare that is going on. I cannot count the number of times I have been asked to assess a situation or system or application and done the work, and written the report. The client is all smiles up until the moment that they begin to read it.
The change in expression is all too predictable. The smile slowly melts away to some sort of open hostility as if you have suddenly become a dangerous insect that needs to be swatted with a slipper and ground into the floorboards. You try to tell them, in the 12-step tradition, that the first step in fixing a problem is knowing of its existence. They didn't think they HAD a problem and here you are telling them things are pretty bad. Now they hate you and all but demand you leave because you are no longer considered their hired-gun expert, but some crackpot that doesn't know a thing about anything.
Let experts be experts
So where did things go wrong? Well, if you take the time to bring in a talented person to do something for you, it is best to trust the expert advice that they are giving you. The problem is that few people outside of the security trade understand the questions, and they are prone to not understanding the answers either. Doubt what you don't understand, right? Wrong! Question what you don't understand and ask for clarification.
We are all smart people in our own areas of expertise and if you believe that the Cyber Jedi that is working by your side is doing so conscientiously for your benefit, then it would be good to give him or her the benefit of the doubt. There are a lot of us who get it and while our numbers are small, we do believe very deeply in what we do and that we are fighting the good fight. We also understand that, for those that don't know how to 'use the force', it can be very hard to tell a Jedi from a Sith Lord. The best Cyber Jedi are patient and always happy to help others understand, so ask us to explain.
If our reasons for a recommended course of action are sound, they will stand up to debate. Just because you don't feel the dark side of the force when it is near, doesn't mean that we don't. The Jedi fell when everyone lost faith in them and no longer understood nor believed in their cause. Of course, that was long, long ago, in a galaxy far, far away...or was it?
Product Manager, EnCase Cybersecurity