Who do you think is going to be the winner, the hacker or the security practitioner? This question is in the same ballpark as: Do we need more cybersecurity professionals who are getting more and more certifications? Then why are we just getting weaker compared to the hacker community?
For example, is the ability to establish a ransomware-as-a-service business and cash out all the benefits, in fact, a pure sign that what the security community does is having no effect, and that we are in fact less secure than we were 20 and 30 years ago?
My point here is that the focus of both the market and industry on superficial solutions rather than addressing the real root causes of cyber crimes is a major concern. Keep in mind that the cyber threats happening on a global scale are more significant than isolated ransomware attacks on US healthcare entities. The damages from these threats are growing, and the security community seems to be consumed by the latest trendy tools, buzzwords, and acronyms, rather than addressing the actual issues. This gives a false impression of expertise without delivering tangible results.
I learned cybersecurity because I knew how to code in assembly language and deal with memory management, coding in C (with minimal fancy libraries in place). I discovered how to block sophisticated attacks because I studied RFCs and knew how to build a packet from scratch for many types of network operations. I didn’t become a security professional by getting my CISSP 32 years ago; I did that through intense research and development on top of fundamentals like programming in low-level languages and knowing the ins and outs of network protocols.
Bottom line: As long as we keep trying to reinvent the wheel by bringing new scrambled acronyms to the market and adding more shiny certifications to our titles, instead of learning the fundamentals of computer science in-depth and getting our hands dirty with code and packet analysis, it’s no surprise that security practitioners will continue to lose to hackers as we are doing now. I can assure you that it’s only going to get worse if we don’t shift our focus.