Jack of all trades, master of none...
In this post, I will be talking about a topic that has stood the test of time that often sparks debates in the technical world.
Should you be a generalist or a specialist in Cybersecurity?
In this post, I will be making the case of being a generalist, and how it’s key in today’s changing world.
But wait, can’t being a generalist be a bad thing?
You know the quote “Jack of all trades, master of none” ? Something, something.
Most people don’t know the rest of that quote. It goes “is often better than the master of one”. Now, that paints a more complete picture.
Take this excerpt from patio11’s blog, Kalzumeus
“I’m not the best marketer or engineer in the world, but I’m a better engineer than almost all marketers and a better marketer than almost all engineers”
This is one of the most interesting ways I’ve seen versatility put into words. Being better at the things that others are trying to retrofit for.
In a world where most push the idea of becoming a specialist in something, being a generalist can actually make you stand out.
Knowing a broad array of skills, albeit not expert knowledge in them, can bring immense value to an org.
Most founders have a generalist background, with many ideas. First, they zoom out and assess. Then they zero in on one main idea.
The book Cyber For Builders goes over this. Having context to the broader trends of the market is an advantage for generalists.
Apart from founders, Engineers and Individual Contributors alike can benefit from taking a generalist approach.
There’s too much change in tech for there not to be a benefit in being an adaptable and nimble generalist.
The book Range, also goes over this topic in detail.
Examples of how this skillset will result in value.
A Project You’ve Been Working on Getting Sunsetted
This can happen for a few reasons.
Change in team priorities
End of contract with a vendor
Shifts in technology
I recall one time where I had worked on a project for 4+ months, before we decided as a team there were other pressing priorities and this project would be a more of a nice to have, rather than a must have.
Working an Incident
Requiring dropping other items
Getting familiar with pieces of the business you normally aren’t
Working after hours
This also brings memories.
Company Layoffs
Your org is affected by layoffs, resulting in structure changes
You are personally impacted
In the ongoing climate of layoffs and cost cutting, this can be a very real impactor.
Restructures can be tough on the way teams work together and top down outcomes. This requires the ability to adapt to these changes.
These are just 3 of the many ways being adaptable will greatly benefit you.
What I Read This Week
US lab testing provider exposed health data of 1.6 million people
1.6 million people’s PII impacted in 35 states. Another free credit monitoring offered as recourse
Simulate. Detect. Tune. Repeat.
It goes over testing your rules with Atomic, with 4 test examples
MITRE support for the CVE program expired and then re-extended
“The government continues to make considerable efforts to continue MITRE’s role in support of the program.”
This will be something to keep an eye on, with big second order effects on the security community
Wrapping Up
Everyone experiences changes around them. How you adapt is what makes the difference.
"The only constant in life is change"-Heraclitus
In this field, the only thing that is constant is change, and being able to roll with them is a skill. Being a generalist is not bad, in fact it’s a strength.
See you in the next one.