The problem with cybersecurity is that you only have to screw once, and you're toast.

8organicbits 2 days ago | parent | next [-]

If that were true we'd have no cybersecurity professionals left.

In my experience, the work is focused on weakening vulnerable areas, auditing, incident response, and similar activities. Good cybersecurity professionals even get to know the business and tailor security to fit. The "one mistake and you're fired" mentality encourages hiding mistakes and suggests poor company culture.

▲

ceejayoz 2 days ago | parent [-]

"One mistake can cause a breach" and "we should fire people who make the one mistake" are very different claims. The latter claim was not made.

As with plane crashes and surgical complications, we should take an approach of learning from the mistake, and putting things in place to prevent/mitigate it in the future.

	▲	8organicbits 2 days ago \| parent [-]
		I believe the thread starts with cybersecurity as a job role, although perhaps I misunderstood. In either case, I agree with your learning-based approach. Blameless postmortem and related techniques are really valuable here.

▲

2 days ago | parent | prev | next [-]

[deleted]

▲

immibis 2 days ago | parent | prev [-]

There's a difference between "cybersecurity" meaning the property of having a secure system, and "cybersecurity" as a field of human endeavour.

If your system has lots of vulnerabilities, it's not secure - you don't have cybersecurity. If your system has lots of vulnerabilities, you have a lot of cybersecurity work to do and cybersecurity money to make.