Yeah, I really liked the article overall. I see it as saying that these things people think in a binary fashion about should be treated with more nuance. The author addresses why these binary-style mantras exist and how they are not always true.
There are two where I disagree with the author (not saying it's unacceptable; the author may be correct and me wrong): the CISSP one, and also the rating vendor one. The author takes a deeper view than the binary thinking, and I want to take it deeper yet to refute the author's view. This arrives at the same conclusion as the binary groupthink in the infosec community, but does so by explaining why the binary idea became de-facto standard.
In case anyone is interested, my beef with CISSP is that the curriculum for CISSP certs promote a highly bureaucratic approach to security. I feel like it is largely a waste of time and money to get that cert. It rubs me the wrong way because once things like CISSP become required for some employment, it is hard to go back to more "lax" standards. Of course, it having a baseline of useful information like the author says is true. I just think CISSP is a net negative for society even so.
There are two where I disagree with the author (not saying it's unacceptable; the author may be correct and me wrong): the CISSP one, and also the rating vendor one. The author takes a deeper view than the binary thinking, and I want to take it deeper yet to refute the author's view. This arrives at the same conclusion as the binary groupthink in the infosec community, but does so by explaining why the binary idea became de-facto standard.
In case anyone is interested, my beef with CISSP is that the curriculum for CISSP certs promote a highly bureaucratic approach to security. I feel like it is largely a waste of time and money to get that cert. It rubs me the wrong way because once things like CISSP become required for some employment, it is hard to go back to more "lax" standards. Of course, it having a baseline of useful information like the author says is true. I just think CISSP is a net negative for society even so.