It didn't take me too long to realise the actual scenario in infosec at all leading MNCs. And here I am ranting about it, and mind it, everything is appropriately correct. It all started with me applying for a job at a leading MNC, and those guys, instead of heeding what I had done (with some powerful references), asked me if I had my CISSP/CISA/CEH/ECSA-LPT/BULLSHIT. Read on, as I conclude these points:
- Any respectably responsible guy who has passion for Infosec has no chance of doing well in corporate unless he sells his soul to the Satan of commercialization of security. Those guys (the management and HR) need guys who have certifications which are purely theoretical in nature and have little or no affiliation with hands-on security. Worse, once you get in, be prepared to lie, a lot.
- The running gag among my security circle (dedicated guys who care about their network and do their best to save your asses) was that you can never be the security guy by researching, practicing and making your bones in the Infosec jungle. You can be one by getting certified.
- The best a CISSP/CISA does is write mails creating security awareness in the company, create pie charts for the management while making sure those look their best while presenting himself, NOTHING REMOTELY RELATED TO HANDS-ON SECURITY, and collect the easiest pay cheque on earth. Sad, but true.
- The condition is a result of HRs and guys who are what I call security illiterate, so at best they need a guy who is certified (by cramming notes, taking mock tests, bribing, praying and God knows what else) by some standard, and they would take the hotshot in for that sole reason without even testing if he knows anything. And the best part is that at the end of the day that guy creates bar graphs of the security framework and audit infra of the MNC.
- At the end of the day, these certifications are nothing but a way to double your salary package; it doesn't matter whether you know anything or not.
Dear Corporate Infosec, your minions are rotting you, and it's not long before someone will pwn your ass like SONY because you hired some douchebag who had a cert but was a skid.
Inspired by personal experiences and J. Oquendo's wonderful post at Infosec Island.