
I like the objective of this article and most of what's in it but I think it leaves itself open to criticism.

I have doubts about the benefit of even implying a sense of objectivity to these so-called requirements because infosec is such a wide field and people from all over can and do never deal with a lot of these things.

A lot of folks in the industry would say that this lacks mention of LDAP, SAML, and other key protocols. Many folks would say that this is a very *NIX-centric list of utilities, or will work an entire career and never even see SPF or DNSSEC. Many pentesters would say that your understanding of security is only as good as your knowledge of how to break it, and insist on many more vulnerability types and tools as "core competencies" to this list. There's plenty of work being done in securing smart contracts and other cryptocurrency systems, so it's clearly opinion to insist on people avoiding it. Personally speaking, I think the insistence that there are tons of cryptocurrency people that don't know what cryptography is, is melodramatic and at some level not really possible. The idea of said people not knowing even what cryptography is while evangelizing about it is a contradiction. At this point most folks' beliefs on it are heavily correlated to personal politics, from people condemning or proclaiming it. That's a whole other topic, which is another reason why any binding opinions on it are not something I would include in an infosec core competencies list.

All this being said, I think getting to a consensus on what to learn is a good idea, and there are plenty of things that I personally agree with in this list, many or most of them even. The author is clear and up-front about it being based on his experience, but it appears pretty heavily so. It's still good, but I think this list would be better as a Git repository than a blog post.


