I think that this comment says it all:
Security professionals need to stop being snobs to solve the talent gap and improve problem-solving skills.
It’s completely true. I continually see this issue across the board, and it irritates me. The insistence that you need an OSCP to hack into an organisation is absurd. Along the same theme, the farcical standard of CISSP actually does more to discredit the security community than to bolster it. Ask yourself this: does a criminal bother to take exams in order to break into your organisation? The answer is no.
They’ll simply download a pre-built kit, 100% guaranteed to work, from the dark web, select their target, and hit “go”. How successful their campaign will be depends entirely on how secure your environment is.
Let’s drop the snobbery and start appreciating the rare pool of talent out there that is waiting to be harnessed and put to good use. This isn’t an exclusive club. We are responsible for the lack of inclusion, and as soon as we realise this, we’ll be much better placed to respond to an attack.