Teaching cybersecurity?

George Jones <> (Yest. 10:59) (inbox replied)
Subject: Western governors
To:
Date: Tue, 09 Jan 2024 10:59:38 -0500

I looked at the cyber security program. I could probably do it fairly easily.

They tout being able to get various industry certifications free in
the process. One is the CISSP. I held that circa 2002-2012, plus some
related certs (SANS). I let it drop after realizing that leading a multi year
effort, coordinating globally across the industry resulting in me being
the author of a set of security recommendations published by Internet
standards body (https://www.rfc-editor.org/rfc/rfc3871) counted as
much toward recertification as sitting in a room listening to a one
hour lecture on strong passowrds. Let's just say I don't think much
of the value of the certification. I founded the LinkedIn group "Not-a-CISSP"

The bigger picture, and this was grating on me for 15 or 20 years and
was one of the reasons I finally retired is I have trouble
believing that the "standard practices", such as those behind most
of the degree work, make a real difference in security. Sure there
are jobs, good paying jobs (I left one), but if you don't think it
matters in the end, it's hard to stick to it. Or, probably, teach it.

What I need to do is some writing engaging the fundamental question/value.

Thanks for the idea.   Still milling it over.

--
The opinions expressed in this email are mine, and not
those of my employer.  In fact, they may not even be mine.  I may have
changed my mind.  I may have grown beyond a particular opinion.  I may
be trolling you.  I may be engaging in Socratic dialog to tear down
your beliefs.  I may be tearing down my own beliefs. γνῶθι σεαυτόν!

---George Jones

 George Jones <> (Yest. 17:23) (inbox)
 Subject: Re: Western governors
 To:
 Cc:
 Date: Tue, 09 Jan 2024 17:23:23 -0500

 I think you may have given me the angle I need to write: could I ever,
in good conscience, teach "cyber security" as it's understood today?

 Thanks,
 ----george


 [ 2-line signature. Click/Enter to show. ]
 --
 ---George Jones

 Subject: Re: Western governors
 From:
 To: George Jones <>
 Date: Tue, 09 Jan 2024 22:32:27 +0000

 I am eager to eventually read what you write or hear what you decide.
I think even if you decide not to go down this route, the thinking
you do to figure that out will be valuable for helping you focus and
define what you eventually decide to do with your time.

And do note that the main focus of WGU is applied, not theoretical.
Other colleges have research/philosophy based degrees that focus on
what best practices SHOULD be, and those programs would likely be a
far better fit for you intellectually as an instructor.

 WGU is kind of the "I just need to demonstrate that I meet the minimum
standards for holding a masters degree so I can check off someone's
rather arbitrary box" kind of program.


George Jones <> (Yest. 17:59) (inbox)
Subject: Re: Western governors
To:
Cc:
Date: Tue, 09 Jan 2024 17:59:01 -0500

Yeah, checkbox security is a big part of the collective non-solutions.
They do get you jobs. But I view much of the profession (defense side,
offence a whole different discussion) on about the same level as digging
and refilling dicthes (just start by looking here https://en.wikipedia.org/wiki/List_of_security_hacking_incidents#2023).
Some people can ignore the futility and take the paycheck (while talking
a good game to the c-suite to keep the gravy train going). I can't.

And don't get me started on the [non]value of doing things to check boxes to get past HR.
HR is often the tail wagging the dog in the hiring process.  This
https://www.amazon.com/Reinvention-Roadmap-Break-Career-Deserve/dp/1942952686 from a former HR VP is all about
bypassing HR to get in the door.