I have been in this industry longer than most people I know and work with. At one time I could keep up with technology: which vendors sold what technology, methodologies, tools, and occasionally my socks that attempted to disappear in the black abyss of my clothes washer.
I have been doing networking, engineering, teaching, writing, and other stuff[md]well, longer than I will admit. At one time I worked with a large team that maintained huge financial environments, and security was not even part of our jobs! It was not part of anybody's job.
When I started in networking, I fell in love with computer security, but the term "computer security" did not even exist. I loved the complexity of having to secure software because it required that you understand the software before you could secure it.
I remember telling a few people back then how much I enjoyed this security stuff. I remember one comment was, "That's great, but you will never have a full time job in security." No one imagined that computer security would ever be overly important.
Today our industry has exploded with opportunities. Thousands and thousands of people are now "security experts." So many people use this term (along with "visionary," "professional," and others) to describe themselves, it is hard to know who really is an expert. Guess who is not an expert, visionary and barely professional[md]me! This industry is too large, complex, confusing, and changing to be an expert in it.
People have to specialize, as physicians do in medicine, and still most people cannot keep up with changes, vendors, tools, products, methodologies, laws, regulations, hacker activities (much less their socks).
So if my assumptions are correct that no one can really be experts in the security field, how do we have so many damn "security divas"? The amount of money, opportunities, and offers security people have had over the last three to five years have spoiled many people who claimed to be "security experts." I have friends who demand $1,000 per day every day to work no matter what job!
Although security people have had it pretty good over the last few years and the economy won't gouge our industry AS MUCH as others, we are all going to have to gain some more humility about ourselves.
So let's ask some questions to gauge whether you are a security diva or whether you know one:
If you answer some or most of these questions with a "yes," you are a security diva. If you know people who answer most of these questions with a "yes," please ask them to come down to earth and work with us more lowly and undeserving geeks we are drowning in work and we really want to see their capes!
"A diva is someone who pretends to know who she is and looks fabulous doing it." --Jenifer Lewis
"I'm not a diva. I'm a tadpole trying to be a frog." --Toni Braxton
By Shon Harris, a fabulous looking frog!