Possibly unpopular opinion: there should be more IT Ops people who transition into InfoSec.

InfoSec is a bit of a gold rush of certificates and theory.

There is a lack of experience of reality, in the trenches.
If you're an AD admin and you know what adsiedit.msc is, you probably already know more about identity security and patching than many people in the InfoSec industry dispatching the advice on patching.
This applies in vendor space too, there needs to be more diversity of thought with people who actually do the doing.

If you look at infosec from a high level, every org should have good patching of SharePoint, siloed networks, great controls etc etc. Why doesn't that happen?
There are lots of reasons, which include: it's really difficult to patch SharePoint. And Exchange. Try repairing a DAG in Exchange after applying 24 update rollups.

Theory is great, and certs can be great. But have a mix of voices for a fuller view.
If you think InfoSec is hard (it is), try working in IT Ops. That's also hard, and you'll develop empathy fast. You'll also learn to plate spin - a lot. Security vulnerabilities are one of many concerns for IT, and quite often lower down on daily risks which become reality.
We're kinda stuck in a spiral with this one, as HR departments will look for certs from job descriptions (often copy & pasted), and so filter out people with IT experience.

There's a growing deficit between theory and practice; some good candidates are the ones who can join them up.
A commercial factor increasingly influencing things is that orgs want to save money on security, so they look for governance, risk management and compliance people to manage MSPs, and then there's a race to the bottom on MSP costs.
The core IT peeps in those kinds of orgs are goldmines in my experience, poach them. They know what's what.
Thank you for coming to my PORG talk.
Btw, I'm biased on this one as my background includes this :D

Not everybody should have the same background; we need fresh faces too for a diverse pool.
And finally, if you're pondering why Zerologon suddenly got so much focus in recent weeks - I looked at it and went 'yeah, unicorns patch every single domain controller each month, this is a huge vuln for a long time in threat terms'. Theory doesn't teach you that, ops does.
You can follow @GossiTheDog.