Every now and then the topic of being a security generalist comes up in a conversation. Almost every organization has a person who deals with a wide variety of security matters. Security isn’t just one thing, it’s a term that describes a very large number of activities and spheres of knowledge. I consider myself a security generalist to a degree, I suspect many people reading this are also one. Rather than being very good at one topic, like cryptography for example, many of us have dealt with a large number of topics over the years.
I do like being a generalist and all the freedom and challenges that come with it, but the winds that drive the industry are starting to shift. The idea of having a few people who can a little bit of everything isn’t really working for most organizations. We’re all too busy to be effective much of the time.