I initially started in the IT field working for myself doing computer and minor networking work for individuals and small businesses. I was always surprised at how well I was received as I was pretty young and, admittedly, not as knowledgeable as I am now. Turns out that these people were thrilled with my service because they had either had an awful experience with an IT company before or had heard of someone who had. I think that a lot of customers who weren't necessarily knowledgeable about computers were still perceptive enough to know that they weren't being ripped off (and, when with certain previous IT companies, were being ripped off).
Fast forward a bit and I've held a number of different positions in the IT industry. I got out of PC repair because I really don't enjoy directly charging customers for service, even if it was fair, dependable service). I have found in my travels that a lot of folks started out in a similar manner as myself. This leads me to my eventual point (my apologies, kind of rambling here!), which is that it's tough to make much as a PC repairman unless you own/mnage the company. And, if you do own/manage the company you're probably not actually repairing computers. Thus, your PC is more than likely being repaired by someone who's either entry-level or incompetent. While salary and experience level don't excuse the privacy/morality violations they do help explain the incompetence they ran into in TFA.
I am concerned that a sizable government department can't repel attacks from - allegedly - North Korea.
How could we possibly be at fault for this problem? We hired a [Insert security cert here]-certified professional so I can't fathom how this could be our fault.
As I noted above, the truth is somewhere in the middle. Certs prove that you have the dedication to actually get certified and, in some cases, the skill to go with it. Of course, InfoSec certs are no different than other IT-industry certs. Some are better than others and some prove different things than others. I'd argue that a GIAC cert proves more knowledge than something like a Security+ since the GIAC certs tend to require some critical thinking and application of concepts rather than (mostly) straight memorization.
Security professionals are like other IT professionals in that it's often tougher to hire someone based on a resume. If, for instance, I'm interviewing two guys for CEO and one made his company $100 million and the other made his $10, I at least have a metric there. As for IT hiring, I prefer to use a defense-in-depth mindset in hiring. That is to say that your best bet is to check resume, references, certs, and probably give some kind of hands-on test.
No, the certs aren't perfect, but they definitely help.
Netherlands Size: 16,033 sq mi
US Size: 3,794,066 sq mi
No surprise that it's easier to build an extensive biking network in The Netherlands than the US.
Also, anyone with any network design sense would vlan & firewall the ATMs off of the rest of the network.
Yes, it's Windows. But without crazy Aunt Judy trying to install her cat screensavers Windows should be fine for the task.
Anyway, I like your policy.
Mathematics is the only science where one never knows what one is talking about nor whether what is said is true. -- Russell