> It claims to be both for security pros with many years experience, but others say it is foundational material
> Is there any wonder why we have a security problem?
You're absolutely right, but it hurt to read.
I know the management/technical divide has existed for a while, and yes, I know management sometimes has a point in stopping technicals focusing on irrelevant details. But... jesus. I'm currently tasked with evaluating "what an attacker could do" having compromised <X> on a <Y> system. No, I'm not allowed to evaluate a specific <X>'s likely vulnerability, or even an exact specification of <Y> - because that's losing the bigger picture.
> Is there any wonder why we have a security problem?
You're absolutely right, but it hurt to read.
I know the management/technical divide has existed for a while, and yes, I know management sometimes has a point in stopping technicals focusing on irrelevant details. But... jesus. I'm currently tasked with evaluating "what an attacker could do" having compromised <X> on a <Y> system. No, I'm not allowed to evaluate a specific <X>'s likely vulnerability, or even an exact specification of <Y> - because that's losing the bigger picture.
What do I even say?