Repost of a LinkedIn article written 4 Nov 2017, located at:
A recent engagement that I was on solidified the importance of Infosec education in my mind. The exploitation of “layer eight,” as we call it (the users, for the uninitiated), is a real threat. When you run into a situation where neither your customer nor the vendor that they purchased a software solution from understands the capabilities of the product they are employing, it can lead to bad things.
The responsibility lies on the shoulders of those who have the education and expertise to make sure that we are doing the best job that we can in spreading the gospel of Infosec and supporting the ISC2 Code of Ethics. If we cannot shoulder more than our share of that effort, there are far too many people whose personal information will no doubt be compromised. There are too many of us who have been involved in cases where a compromise could have easily been avoided with a very simple interjection from a professional.
There are many in this field who feel that these simply executed compromises are a good sign, in that they will ensure that we will always have employment waiting for us. How many Infosec professionals do what we do because they truly believe that it is their responsibility, regardless of the fiscal rewards involved?