Do you want fries with that?

So much anguish. So many idiots. Yes, I’m referring to my latest post about education in security. Let me do my best to straighten my position out YET AGAIN.

First, a few observations. People posting on that thread fell into one of three general categories.

1.??????IT people who think security is a technical problem. It's not, but you are right, you don’t need a degree, you need skills. That is a hands-on job. At some point, you’ll want a ‘brains on’ job and that will require becoming more informed. If you want to get onto a board at some point, everyone else is going to have an education, and I don’t mean Security +. Deal with it and repeat after me ‘IT is NOT security’. Cyber security is a subset of a wider discipline that actually has its roots in risk management and governance. But then I am sure you all knew that.

2.??????Physical security people who are still in denial that they actually work in FM. These people have been resisting knowledge for decades and doing a damn fine job of it. ?Then again, there are no rewards in their sector for becoming better informed, so I have no issue with them staying where they are. That sector is doomed, and the rest of the real security industry is bravely following their example with this anti-intellectual attitude.

3.??????People with nothing to do with security at all who felt their opinion on the development of the sector is still valid. It isn’t. Thanks for playing.

I deleted a whole raft of comments from the thread without responding, then got bored and stopped even doing that. First to go were anything accusing me of ‘elitism’ or ‘gatekeeping’. I will deal with those comments shortly. One person even started their own thread about me, trying to draw me into an argument with them. I don’t argue with idiots on the internet, FYI. Then, I deleted anything where the person failed to read and understand the very simple language I used or made it about something other than what I had said. Apparently, there is something to be said about formal education after all, since it at least teaches basic comprehension and critical thinking skills.

I left any comments from the people who think they actually work in security or governance, mainly as a record. Common among this group were statements about how successful they had been for however many years without education as validation for not getting one. Interestingly, these are the same category of people who generally can’t answer the basic security thought questions I sometimes post beyond providing the lowest common denominator. Most of these people that I encounter don't even read books on the subject but still claim expertise.

Here’s a question for you. How many surgeons do you see on social media whining about how many hurdles they need to get over to become a surgeon? How many lawyers? How many of them are complaining about how ‘unfair’ it all is? How many whine about ‘elitism’ or ‘gatekeeping’ in those professions?

Not many, I’ll bet.

But not only is it perfectly acceptable to do so in the security sector, but it’s also the norm. This says a lot about the calibre of the people coming into the sector. I suppose this is what you get when you have people brought up on participation trophies. The moment they need to make sacrifices and earn something for themselves, they play whatever card they have to protect their fragile egos. ‘It’s the patriarchy’, ‘it’s the class system’, ‘it’s whatever excuse is trending this week’. A person that never learned to lose is not ready for the brutal way that the real world works.

We are seeing exponential rises in security incidents and computer-related crimes, and yet so many practitioners think they do not need to learn more about their trade in a formalised way. Uh-huh. Some people even equated not needing education in security with the fact that cybercriminals don’t need degrees. Take a moment and work that one out. So the police don’t need training because criminals don’t get any? Would you employ someone this stupid?

Explain that to the board, if you can. Of course, you don’t need to because you aren’t getting within a mile of the boardroom – unless you are hoovering it.

I’ll address both of the main accusations made against me here and now.

1.??????Elitism? Yep. Sign me up. Lifetime membership. Anyone who starts something with the intention of only wanting to be average at it is a liar. Are you saying that kids are picking guitars up everywhere, dreaming of becoming buskers rather than packing stadiums? Evolution (fact, like it or not) proves that ‘to the victor go the spoils’. It provides the social and biological imperatives for all human endeavour. I am elite. My doctorate makes me a world-authority in my area of specialism. That is not a threat to you or condemnation of you. The accomplishments of other people can either be inspiring or intimidating. Whichever you choose is a lot more about the strength of your character, and says a lot about you. If you approach me the right way, I can and will help you. If – and most of you don’t.

2.??????Gatekeeping? How is demanding more from people working in the sector if it raises the quality of thought ‘gate keeping’? If you think where I started and where I now am, do you seriously think that there were no barriers, no gates? I grew up dirt-poor in North London. On my journey, there were no silver spoons, no ‘old boy networks’, no benevolent mentors who can open doors, make introductions and ‘grease wheels’. There was no trust fund to pay for my education. I am a repeat failure. Everything I have ever achieved; I did largely alone. I dragged myself over every obstacle, got bloody, pulled myself up and kept on going. I kicked in doors and bypassed 'gatekeepers'. I found a way, not an excuse. Don’t dare ever talk to me about ‘gatekeeping’ to defend your own laziness, weak character and lack of integrity.

The moment either of these accusations is made, the person making them loses all legitimacy. Now, a bit of clarity for all the people who still can’t work it out.

A degree (bearing in mind how fundamentally broken the education system is) is more than a box-tick for some employer. Hiring is broken too. It's not about that either. It’s about you and your development. The reward isn’t a bit of paper. It’s what you become as a result of committing to several years of structured enquiry into a subject. It changes how you think. And, like it or not, security beyond the operational level is a thinking person’s game. Now sure, there are ‘educated idiots’ out there but wisdom is a blend of experience and study, not just one or the other. Of course, people without education won’t know this. It’s like arguing with someone colourblind about a particular shade of paint.

The bible states that ‘the meek shall inherit the earth’ but it doesn’t state what happens next. I’ll tell you. They ruin it, largely because they lack the character to do what needs to be done to protect it and they are only equipped to blame the people they inherited it from.

This is not a debate. I don’t care about your opinion. Stay uninformed or don’t. If you choose the former, don’t complain about your career in a decade. If you choose the latter, I am here to help you. Again, choose your level.