My take on how a decade (or more) of using cloud services for everything has seemingly deskilled the workforce.
Just recently I found myself interviewing senior security engineers just to realize that in many cases they had absolutely no idea about how the stuff they supposedly worked with, actually worked.
This all made me wonder, is it possible that over-reliance on cloud services for everything has massively deskilled the engineering workforce? And if it is so, who is going to be the European clouds, so necessary for EU’s digital sovereignty?
I did not copy-paste the post in here because of the different writing style, but I get no benefit whatsoever from website visits.
Not when the skillset is essentially outsourced and you are left consuming the product of that skillset.
Understanding is nonnegotiable in security, IMHO.
You can’t fail to understand how signature attestation works, if you are implementing it, to make one example I made in the post. Otherwise you end up verifying the signature in the CI (like that person claimed it should be done) and waste the whole effort. You can definitely still outsource the whole infra and scripting to Github, but you still need to understand. The problem is that when you can outsource everything, at some point understanding becomes an extra step.