The Information Security industry is chaos.
The first Chief Information Security Officer (CISO) was appointed in 1994. Almost 20 years have passed since the term cybersecurity appeared.
And yet, the industry’s thought leaders still can’t agree about whether we’re in Information Security, cybersecurity, cyber-security, or maybe Cyber Security. There’s still no one definition for basic terms, such as risk, threat or vulnerability.
Global IT and Security associations, consortia and other professional non-profit (or, better said, for-profit) organizations are not really helping. They happily collect membership fees for the certificates they issue, which, in the real world, have very little value.
There is a huge demand for talented people in the industry. Most reports tend to agree that the Information Security (InfoSec) industry is short over 3 million workers in 2022.
Business leaders mostly ignore security. They see it as a cost center. Of course, they’re wrong, because they’re uninformed. If done right, Security can actually increase profits and help the business grow.
But I don’t blame business leaders for their ignorance of security. I blame InfoSec leaders. InfoSec leaders loudly complain about this, wait for it, on social media! Like that would change anything. Such leaders fail to educate and inform their own executives.
They fail, because they’re incompetent. These leaders still treat security as an Information Technology (IT) issue. Additionally, they’re often delusional about the value of security. Yet, they believe they’re great, because of all the certificates they have.
With such an approach to work, they slow down or even block the business. No wonder others in the organization tend to work around or ignore Security teams and their efforts.
The root cause: incompetence. We’re swimming in incompetence.
How do businesses end up in such situations? It’s quite simple. What happens is, the uninformed and overconfident business leaders believe they’re competent to hire security leaders. So they go for it. Big mistake.
It gets worse.
Vendors in IT and InfoSec are quite happy with such incompetent leaders, because they can sell more software than they ever imagined.
Venture Capital (VC) firms have noticed that. They are thrilled about all things “cyber”.
VCs are very excited about the industry. “Private cybersecurity company funding grew by 9.34% to 26.9 billion between September 2021 and September 2022”, according to this report.
One of the main reasons for this is that the InfoSec industry is still immature and not regulated. The lack of proper regulations in InfoSec allows IT and InfoSec vendors to engage in near-fraudulent behavior when selling their products and services.
Such vendors would never be able to get away with such unethical practices in some more regulated industries.
It’s no wonder so many organizations participate in the security theater.
These are some of the biggest problems we have in the InfoSec industry today. WIM Security is here to change things for the better, so everyone can live and work, safely and securely, in the digital world.
We start, now!