Cybersecurity unrealistic expectations

Cybersecurity is a lucrative career, but there are two big downsides:

1) You must be right 100% of the time; an attacker only has to be right once.
2) You are expected to know *everything* about *every* process, procedure, policy and practice.

Expanding on #2, this is the reality of it. You are expected to be able to answer just about *any* question about your organization. The Director, CEO, COO, CIO and other levels are not expected to have this level of knowledge, and neither are any other departments. However, cyber (especially the CISO) must be ready at a moment's notice to answer for any breach of any system (and why the process or controls failed). This is especially evident in oversight boards and audits, where there is no time (nor any expectation) to be able to ask someone else for the details. Here are some examples:

- "Why don't the guards walk around the facility and check every door?"
- "When do the fire extinguishers get inspected?"
- "Insert any other question not related to cybersecurity"

This is the reality, at least from my perspective of where I work.



