Did I miss something? Hype, yes. But boom? I was always under the impression that a boom first and foremost requires some kind of product that you could sell.
So how large would you assume to be that market of people who want the opposite?
Do you honestly think that there is a sizable amount of people who want more from their browser than the essentials? Yes, there are special cases of people who want "more", whatever that "more" may be, but I'd take any bet that most people don't care for that but just want their Facebook, their Twitter and their Youtube to work sensibly.
But please elaborate, what do you think "users" want, enlighten me.
Allow me to let you in on a little secret: It doesn't matter. By the time that these exploits actually make it big, we got that information, too. And chances are that we've gotten some tools that detect such flaws automatically.
What we have is degrees that are worth something in the real world out there. If you complain about not getting hired and your degree is about something no sane person considers marketable, it ain't the market that's wrong.
I'd have to look it up but IIRC it either has become or is about to become a EU guideline (which is essentially EU "law") that CEOs can be made personally liable for security breaches and the ensuing financial backlash if they can't show that they have taken reasonable steps to mitigate the risk.
Yes, most likely this means that having a CISO and not just using him as a liability shield (read: find the cheapest idiot willing to sit on that ejector seat) will most likely already do, but nobody wants to be the first to duke it out in front of a judge. So they all fill cabinet after cabinet with CYA papers.
Dude, I have been working in the US. And when I left I was compelled to tell the others that I'm sorry I couldn't join in their go-slow-strike but I was hired for a project...
Simple. A browser that does what they want. And they don't give a fuck if it renders the webpage 0.2 seconds faster or whether it uses more or less ram.
What people want from a browser is rather little. "Render the webpage" sums it up for a sizable portion of the user base already. Some more consider certain ad-blocking plugins crucial.
The handful of people that actually have any kind of requirement above and beyond that simply don't count.
I do of course need to know how our services work, but I certainly don't need the same level of detail that the specialist for the area does. For example, I can do a webserver audit even if I don't know every tweak Apache offers to make delivery of those pages smoother. I can review webapp security without knowing the intimate details of how to make color gradients look pretty in css.
I know the parts that are relevant to security. I have to admit that I probably could not create a webpage that anyone wants to look at, simply because I have not enough knowledge of the various tidbits that make webpages appealing and easy to use.
He doesn't need unskilled workers he can make slave away for pennies, knowing that their option is to either work 20+ hours a day for you or starve to death!
The world is going to come to an end if we actually had to pay people to flip burgers, stock stores and bag your groceries enough money that any person with a sliver of self respect would do it! If we cannot press people to slave labour anymore, our way of life is going to come to an end. People will have to bag their own groceries, like those Euros where minimum wage exists and you can't afford baggers!
We usually don't get involved unless someone (and usually more than one person) draws our attention to a thread. It's not really necessary to get involved too often, and usually it's enough to give the parties a little bit of time to reconsider their positions when nasty things get said in the heat of an argument.
What generally helps here immensely is that the people frequenting the board usually care about their "reputation" (well, as much reputation as you can have in an anonymous online medium) and usually think twice before saying something that will remain visible to everyone for a long time that makes them look like a dick, ass or idiot.
Maybe we're also just lucky that we built the board a very, very long time ago, when the average IQ of someone using the internet was still quite a bit higher than it is today because you did need a bit of dedication to even get online, and that means that the "old ones" are a pretty bright bunch, and their opinion matters.
Security, by the very definition of the job, deals with stuff that isn't for public consumption. That in turn means that it usually takes a bit of work to get these people cleared to do what they're doing. It actually took nearly 2 months for me to just get all the necessary clearance checks done so I can sit in the office that I sit in now. Without them, no chance to get in there at all.
Yes, that means I have to empty my own waste bin and run the vacuum cleaner myself every time it gets so dirty that even I don't want to walk across the carpet. Is that security related? No. It's janitor work (and trust me, my appreciation for these people went up a LOT since I took that job!). And I have to carry computers around, I have to install my own hardware, I have to run cables, I have to change lightbulbs, you get the idea.
If you say 83% of security staff are "wasting" time on non-security related jobs, I don't question the 83%. I question what the other 17% of security are actually doing.
Without coffee, you wouldn't get anything done in our company. I have not had a single meeting where you didn't get your results during the coffee breaks rather than the actual meeting. Mostly because there is no protocol running during the breaks. You can simply ask what the fuck is their problem why they keep blocking your proposal, and you actually get a sensible answer to it, and then you can actually start to work on the problem.
I'm currently trying to figure out a way how I can simply forgo meetings and instead just invite people to a one hour coffee break...
Security is a specialized and complex enough field that you are either a security specialist or a dilettante. You don't do security "on the side". Just because you learned some nmap parameters by rote and know how to start Nessus (or more likely OpenVAS...) and actually scan a machine you're interested in doesn't make you "security staff".
IT security is a huge problem because it has been ignored until the recent past. Only now that security breaches start to get expensive, especially in the light of ransomware attacks that now also start to hit big businesses (because until now, a security breach there only meant that your data gets stolen and your identity gets abused, who gives a fuck about that?), and also changes in laws that put the knife for security breaches right at the throats of C-Levels, they start to replace mental lull with operative hectic and realize that SOMETHING has to be done.
SOMETHING!
It's a great time to be security consultant, I tell you... Well, provided that you just want to make a ton of money and don't really care that you should actually tell your customer "You're fucked. Shoot yourself"...
Rejoice. At least if you're in Europe. We recently got changes in our laws that those MBA dimwits are now personally (read: with their own stash of money) responsible for security breaches if they can't show that they've taken reasonable steps to get their act cleaned up.
In other words, you won't find an ITSEC in Europe right now that isn't stressed out, overworked and has more overtime piled up than a doctor in a warzone.
How about starting with not appointing idiots with zero knowledge about code as their bosses, and not letting those zero-brain idiots set the milestones and delivery dates?
It is a little known fact that programmers don't really like to ship buggy, unstable and barely tested code. Most of them would just love to ship rock solid code that could even drink fruity drinks with little umbrellas because it's SO secure. But that takes time they don't get from their PHB morons.
I like that idea. You do that, take those 11 people and... what do you mean, they don't let you?
I know this is alien to you, but you might have to learn that the hard way: People don't like to be told what to do. No, not even by the all-knowing, ever-so-wise US.
You know, the rest of the world is wondering just this every time there is a "discussion" about global warming in the US. But then again, we're usually also shaking our head over the fact that you're the only country outside the Islamist world that takes crap like Creationism serious.
The essentials would probably be defined as "good enough to render the top 100 Alexa pages in a quality that allows sensible use of said pages".
Did I miss something? Hype, yes. But boom? I was always under the impression that a boom first and foremost requires some kind of product that you could sell.
So how large would you assume to be that market of people who want the opposite?
Do you honestly think that there is a sizable amount of people who want more from their browser than the essentials? Yes, there are special cases of people who want "more", whatever that "more" may be, but I'd take any bet that most people don't care for that but just want their Facebook, their Twitter and their Youtube to work sensibly.
But please elaborate, what do you think "users" want, enlighten me.
Allow me to let you in on a little secret: It doesn't matter. By the time that these exploits actually make it big, we got that information, too. And chances are that we've gotten some tools that detect such flaws automatically.
Bullshit.
What we have is degrees that are worth something in the real world out there. If you complain about not getting hired and your degree is about something no sane person considers marketable, it ain't the market that's wrong.
I agree, having to use a year old cellphone, that's the end of the world!
You don't spend much time on Twitter, do you?
But I DESERVE that house! I did show up for the appointment to view it!
I'd have to look it up but IIRC it either has become or is about to become a EU guideline (which is essentially EU "law") that CEOs can be made personally liable for security breaches and the ensuing financial backlash if they can't show that they have taken reasonable steps to mitigate the risk.
Yes, most likely this means that having a CISO and not just using him as a liability shield (read: find the cheapest idiot willing to sit on that ejector seat) will most likely already do, but nobody wants to be the first to duke it out in front of a judge. So they all fill cabinet after cabinet with CYA papers.
Dude, I have been working in the US. And when I left I was compelled to tell the others that I'm sorry I couldn't join in their go-slow-strike but I was hired for a project...
I admit, Poe's Law makes sarcasm tags a necessity, and I apologize for omitting them.
Simple. A browser that does what they want. And they don't give a fuck if it renders the webpage 0.2 seconds faster or whether it uses more or less ram.
What people want from a browser is rather little. "Render the webpage" sums it up for a sizable portion of the user base already. Some more consider certain ad-blocking plugins crucial.
The handful of people that actually have any kind of requirement above and beyond that simply don't count.
I do of course need to know how our services work, but I certainly don't need the same level of detail that the specialist for the area does. For example, I can do a webserver audit even if I don't know every tweak Apache offers to make delivery of those pages smoother. I can review webapp security without knowing the intimate details of how to make color gradients look pretty in css.
I know the parts that are relevant to security. I have to admit that I probably could not create a webpage that anyone wants to look at, simply because I have not enough knowledge of the various tidbits that make webpages appealing and easy to use.
Small to medium businesses usually outsource their security. CISO-as-a-service is a reality.
He doesn't need unskilled workers he can make slave away for pennies, knowing that their option is to either work 20+ hours a day for you or starve to death!
The world is going to come to an end if we actually had to pay people to flip burgers, stock stores and bag your groceries enough money that any person with a sliver of self respect would do it! If we cannot press people to slave labour anymore, our way of life is going to come to an end. People will have to bag their own groceries, like those Euros where minimum wage exists and you can't afford baggers!
We usually don't get involved unless someone (and usually more than one person) draws our attention to a thread. It's not really necessary to get involved too often, and usually it's enough to give the parties a little bit of time to reconsider their positions when nasty things get said in the heat of an argument.
What generally helps here immensely is that the people frequenting the board usually care about their "reputation" (well, as much reputation as you can have in an anonymous online medium) and usually think twice before saying something that will remain visible to everyone for a long time that makes them look like a dick, ass or idiot.
Maybe we're also just lucky that we built the board a very, very long time ago, when the average IQ of someone using the internet was still quite a bit higher than it is today because you did need a bit of dedication to even get online, and that means that the "old ones" are a pretty bright bunch, and their opinion matters.
Security, by the very definition of the job, deals with stuff that isn't for public consumption. That in turn means that it usually takes a bit of work to get these people cleared to do what they're doing. It actually took nearly 2 months for me to just get all the necessary clearance checks done so I can sit in the office that I sit in now. Without them, no chance to get in there at all.
Yes, that means I have to empty my own waste bin and run the vacuum cleaner myself every time it gets so dirty that even I don't want to walk across the carpet. Is that security related? No. It's janitor work (and trust me, my appreciation for these people went up a LOT since I took that job!). And I have to carry computers around, I have to install my own hardware, I have to run cables, I have to change lightbulbs, you get the idea.
If you say 83% of security staff are "wasting" time on non-security related jobs, I don't question the 83%. I question what the other 17% of security are actually doing.
Without coffee, you wouldn't get anything done in our company. I have not had a single meeting where you didn't get your results during the coffee breaks rather than the actual meeting. Mostly because there is no protocol running during the breaks. You can simply ask what the fuck is their problem why they keep blocking your proposal, and you actually get a sensible answer to it, and then you can actually start to work on the problem.
I'm currently trying to figure out a way how I can simply forgo meetings and instead just invite people to a one hour coffee break...
Security is a specialized and complex enough field that you are either a security specialist or a dilettante. You don't do security "on the side". Just because you learned some nmap parameters by rote and know how to start Nessus (or more likely OpenVAS...) and actually scan a machine you're interested in doesn't make you "security staff".
IT security is a huge problem because it has been ignored until the recent past. Only now that security breaches start to get expensive, especially in the light of ransomware attacks that now also start to hit big businesses (because until now, a security breach there only meant that your data gets stolen and your identity gets abused, who gives a fuck about that?), and also changes in laws that put the knife for security breaches right at the throats of C-Levels, they start to replace mental lull with operative hectic and realize that SOMETHING has to be done.
SOMETHING!
It's a great time to be security consultant, I tell you... Well, provided that you just want to make a ton of money and don't really care that you should actually tell your customer "You're fucked. Shoot yourself"...
Rejoice. At least if you're in Europe. We recently got changes in our laws that those MBA dimwits are now personally (read: with their own stash of money) responsible for security breaches if they can't show that they've taken reasonable steps to get their act cleaned up.
In other words, you won't find an ITSEC in Europe right now that isn't stressed out, overworked and has more overtime piled up than a doctor in a warzone.
How about starting with not appointing idiots with zero knowledge about code as their bosses, and not letting those zero-brain idiots set the milestones and delivery dates?
It is a little known fact that programmers don't really like to ship buggy, unstable and barely tested code. Most of them would just love to ship rock solid code that could even drink fruity drinks with little umbrellas because it's SO secure. But that takes time they don't get from their PHB morons.
I like that idea. You do that, take those 11 people and ... what do you mean, they don't let you?
I know this is alien to you, but you might have to learn that the hard way: People don't like to be told what to do. No, not even by the all-knowing, ever-so-wise US.
You know, the rest of the world is wondering just this every time there is a "discussion" about global warming in the US. But then again, we're usually also shaking our head over the fact that you're the only country outside the Islamist world that takes crap like Creationism serious.
"Milder" and "Greenland" is like "moderate" and "Westboro Baptist Church".
Yes, there may be moderates among them. But their moderate is still in the batshit insane religious nutjob category.