Nick on Nostr: While I see plenty of infosec people here like yourself who seem extremely ...
While I see plenty of infosec people here like yourself who seem extremely knowledgeable, in my own work I've generally found that people assigned as "IT security" I've interacted with seemed to have pretty limited actual knowledge of system administration, cryptography, etc. Some can talk a good game until you get to specifics. Others can't even do that much. it is vexing and confusing.
Where I've seen this, my perception is that this is because the role is treated more as a paperwork exercise, writing security plans, documenting audits, and deviations from controls, etc., so it tends to select for people with a high tolerance for wrote paperwork rather than technical knowledge. Of course, that's conjecture based on very limited evidence.
Granted, these people were not being billed as "cyber experts," so it might be a different kettle of fish.
Where I've seen this, my perception is that this is because the role is treated more as a paperwork exercise, writing security plans, documenting audits, and deviations from controls, etc., so it tends to select for people with a high tolerance for wrote paperwork rather than technical knowledge. Of course, that's conjecture based on very limited evidence.
Granted, these people were not being billed as "cyber experts," so it might be a different kettle of fish.