There is a meme going around related to the Equifax hack that points out an executive in charge of security doesn’t have a degree related to security.
Surprise! A lot of the folks who currently keep us safe on the internet don’t have degrees in security. They just didn’t exist when we were in school. I think Paul summed it up best:
[T]alking about Susan Mauldin’s music degree is a socially acceptable way for men (and they’re almost all men) to vent about a woman who they don’t feel belongs in their workplace – especially not in a senior role. That truth is simply unavoidable.
Paul’s article over on Security Ledger is well worth a read looking at security professionals and what their credentials are. Also, a summary of the discussions happening in various online fora about her and the breach.
On my Facebook feed, there have been a lot of discussions. It’s interesting because many of my friends are experts in security and/or internet technology. Some have degrees in relevant studies, but a lot are self taught. They are the embodiment of Chris Robert’s quote in Paul’s article.
“So many of us in security have worked our way in and clawed our way up and we stand on the experience that we have and build on the experience of others,” noted security expert Chris Roberts (@sidragon1) told [Paul]. “This realm we’ve created over the last 20+ years has only recently lent itself to certification and most of us have the scars and bruises from so many years of experience which arguably counts for as much if not more in some cases.”
Anti-abuse and deliverability are even newer field than security and they don’t have much in the way of certification, either. But most of us working in the field do have the scars and bruises from experience.
We are living in the future. Those of us who are creating the future are doing the best we can. Sometimes that means we have a degree in music. This doesn’t make us unqualified.