Infosec and IT in general are still in the era that would be the equivalent of pre-germ-theory medicine.

It’s still a wild west when it comes to so many things, memory safety is not yet a thing, hardware microarchitectural bugs are just starting to get serious/recognized, we as a society have no idea what to do about data, machine learning and privacy.

People assume infosec is this gradient with some bad, some average and some good parts distributed in a fairly uniform way. 1/2

I think in a couple decades we’ll look back and will think that IT/infosec professionals barely deserved the name, just like doctors before it became evidence based.

Instead of these gradients, I’d be surprised if there is more than 1-5% that we can call progress and the rest being utter quackery the current practitioners accept as normal.

We are in the era where we’re arguing that maybe doctors should wash hands (=software updates) and before randomized double-blind trials.


@szbalint We're going to be looking back at this era the same way we currently look at '90s computer security.

@szbalint I've been arguing for a while that, when put into a corner, an IT professional couldn't even describe what a tool is and what a material is.

We don't know how to use which of our tools, and we have no knowledge of any of the properties of any of our materials.

Imagine a construction worker, dangling 200m in the air on the outside of a skyscraper, mixing clay with his hands, to fix an electrical issue in one of the offices.

@szbalint I'd argue most of the competent practitioners *already* accept that the current state is far more art and magic than science and engineering.
