IntroductIon xxix
second wave was more “mature,” took the International Information
Systems Security Certication Consortium Certied Information
Systems Security Professional [(ISC)
2
CISSP] exam, “looked the
part” (they wore shirts and neckties), sounded the part (they used
buzzwords), and was more aesthetically pleasing to senior manage-
ment. But the second wave took on a pale complexion and started
sweating at the mention of terms such as TCP/IP or “false positive.”
One factor stayed common through these formative years in secu-
rity up until today: senior managers were never well advised in security.
e major theme of Security De-Engineering is how most of our
problems today are borne from a distancing of security professionals
from the ...