Wonderful! Thank you for sharing this. What you said about norms totally makes sense. Maybe I will re-sharpen the article.
Thanks for your response! I am leaving InfoSec for now as well.
It is simply that the certificates that I happen to know about have poor tests that do not actually signal ability to estimate security. I do not know much about the certifications from SANS except that the training is indeed quite broad. According to their website, the test for the GICSP certification consists of 115 questions (I assume multiple choice) of which 70% have to be correct in order to get the certification. Depending on how the answers relate to points, I guess that I could get the certification with a couple of tries and little actual knowledge. Almost everyone of my colleagues had a G**** certification and I am not too impressed by their abilities. Therefore, I assume that it is rarely useful to pursue a certification if you can self-teach instead (or have a very good mentor/teacher at hand).
I like your critique! I must admit that I was very unhappy with the org but already left it at the time when I wrote this post. However, I want to push back on some of your points. The Fraunhofer Society indeed conducts somewhat basic research, although the results are much more predictable than in the case of say foundational physics research. There is absolutely nothing wrong with this and I am not sceptical of it. In the post I wanted to point out that the organisation has an unhealthy relationship with grantmakers. This leads to a situation where there is no incentive for the institution to actually provide any valuable research results. I have a better understanding of game theory now and would improve upon the post, if that would be considered helpful.
A comparison to the Max Planck Society in regards to effectiveness would be very interesting indeed. Especially since the Max Planck Society is almost fully funded through unrestricted basic funding.
Yes, about 30-35% of the total funding comes from private companies. However, these are often not direct research contracts (Company pays Fraunhofer to develop x) but publicly funded projects in which Fraunhofer works together with private companies (notably KMUinnovativ for example). But this assumption is based on my observation in different teams/institutes. I could be wrong.
Sorry if this is misleading in the text. Publicly funded projects are open for bids from almost everyone. Private Companies and other non-profit organizations do do public projects. It is just that not always the best project candidate wins because decisions are not rational. Organizations like Fraunhofer feast on that. There are huge resources devoted to spamming grantmakers with project proposals.
I do not know much about any other publicly funded research group. It could be possible that only few projects have an impact and that that impact is tremendous (unusually strong success). Whilst that would justify continuing the funding it clearly would not justify sticking with the current system since improvements can be made. I highly encourage further analysis of their operations since I would not be surprised to see similar issues. If someone is interested, do not hesitate to contact me.
Great Question. I just think that along with the social aspect of a local group, the group should mainly provide feedback and help. I have of course tried to speak about what I do to improve the world we live in.
The problem really is that (at least within this group) new ideas are extremely rare and do not get a lot of reception. It is more like a echo chamber of confirmation for the group members. I am very unsure wether I should bother CEA with this since it might waste their time as well.