I'll offer my take on his "industry that shouldn't have become an industry".
One of the biggest drivers of cash into information security hires is government regulation. Otherwise, a lot of these companies could give a shit if they lose private data.
Enter the information security specialist who has no fucking clue how to program or do anything remotely technical. They went out and got their CISSP cert, and now they provide a legal shield to the corporation or government office that hires them. Their very presence provides the security theater needed to protect their employer from being sued for not providing the necessary security.
If you are a CISSP on here, the fact that you're on this site means you are in the minority of your loser poser peers. You probably hate these posers as much as I do.
I think John's point was more wide-ranging. Even without regulation, the truth is that security has long become just another market, where vulnerabilities and skills are bought and sold for cash, like any other commodity. Security used to be an aspect of system administration; now it's just another rat race with all the trappings of commercialisation ("enterprise" products etc etc).
One of the biggest drivers of cash into information security hires is government regulation. Otherwise, a lot of these companies could give a shit if they lose private data.
Enter the information security specialist who has no fucking clue how to program or do anything remotely technical. They went out and got their CISSP cert, and now they provide a legal shield to the corporation or government office that hires them. Their very presence provides the security theater needed to protect their employer from being sued for not providing the necessary security.
If you are a CISSP on here, the fact that you're on this site means you are in the minority of your loser poser peers. You probably hate these posers as much as I do.