Cybersecurity: is the talent gap a myth? Is the industry delusional? - ESW #376

This week, the cybersecurity industry's most basic assumptions under scrutiny. Following up our conversation with Wolfgang Goerlich, where he questions the value of phishing simulations, we discuss essays that call into question:

• the maturity of the industry
• the supposed "talent gap" with millions of open jobs despite complaints that this industry is difficult to break into
• cybersecurity's 'delusion' problem

Also some whoopsies:

• researchers accidentally take over a TLD
• When nearly all your customers make the same insecure configuration mistakes, maybe it's not all their fault, ServiceNow finds out

Fortinet has a breach, but is it really accurate to call it that?

Some Coalfire pentesters that were arrested in Iowa 5 years ago share some unheard details about the event, and how it is still impacting their lives on a daily basis five years later.

The news this week isn't all negative though! We discuss an insightful essay on detection engineering for managers from Ryan McGeehan is a must read for secops managers.

Finally, we discuss a fun and excellent writeup on what happens when you ignore the integrity of your data at the beginning of a 20 year research project that resulted in several bestselling books and a Netflix series!

Show Notes: https://securityweekly.com/esw-376