> Then I'm not sure what the point of your post was.
That "but she has a music degree!" is the least relevant part of evaluating if someone is qualified for such a CISO role or not. Someone with the "wrong" degree but talent and relevant experience would easily beat someone with a fancy "Masters of Information Security" degree that then muddled around in less relevant areas. Focusing on people's degrees is almost always the wrong measure in IT.
> Someone with the "wrong" degree but talent and relevant experience would easily beat someone with a fancy "Masters of Information Security" degree that then muddled around in less relevant areas.
Sure, totally agreed.
> Focusing on people's degrees is almost always the wrong measure in IT.
Maybe 20 years ago. (I was there.)
Today, asking for exceptional technical depth and a proven track-record of leadership is not a big ask.
And the linked article and the common references to it highlight almost exclusively "wrong degree/education" instead of "no relevant experience/track-record" (if that's the case, no clue what her experience looked like on paper, but the article also brushes it away with a sentence just to focus back on education). That's my problem with it.
I'm guessing you are from a non-traditional background and work in it somehow. Having a track record is pretty basic when evaluating people for high level positions who have non-traditional backgrounds. Why is this upsetting to you?
> I'm guessing you are from a non-traditional background and work in it somehow
You're guessing wrong.
> Having a track record is pretty basic when evaluating people for high level positions who have non-traditional backgrounds.
Not sure why you're saying that in a thread where everybody agrees that track record is important?
> Why is this upsetting to you?
It's not upsetting, I just think, as I've explained multiple times, that putting a spotlight on the degree alone, as the linked article does, is a bad argument, given that track record and experience matter much more than what degree someone got years ago. It's a cheap gotcha.
You know what's truly upsetting? Pervasive gross incompetence in the C suites of American companies.
> I just think, as I've explained multiple times, that putting a spotlight on the degree alone, as the linked article does, is a bad argument
Why?
It would be a fucking scandal in literally any other field.
"Chief Medical Officer didn't have any medical training".
"Chief Accounting Officer doesn't have any accounting training and isn't a CPA."
Do you not respect IT as a profession? Or do you think anyone who has read some WebMD, shadowed a bit, and muddled through a few years of physical exams at a family practice should qualify for a CMO position?
> ...given that track record and experience matter much more than what degree someone got years ago. It's a cheap gotcha.
No, it isn't. Insisting on a formal demonstration of knowledge -- in addition to experience -- is not unreasonable.
The IT status quo doesn't exist in any other profession.
Engineers must attend ABET-accredited programs and then become or work under PEs.
Certification and required education are pervasive in medicine.
Lawyers attend law school and pass the bar.
CPAs and actuaries take difficult exams.
Fact: IT security is a complete cluster fuck. Incompetence is everywhere. For every competent self-taught person there are dozens of Dunning-Kruger idiots. The status quo does not work. At all.
There are many jobs in software that shouldn't require formal certification of technical knowledge. Just like there are many jobs in medicine, law, accounting, and finance that do not require formal certifications.