Cybersecurity Professionals Lacking Technical Skills

The author of the post, an application security (appsec) engineer, interviewed two candidates for a senior position in their team. Despite having good resumes and professional experience, the candidates were unable to answer basic technical questions about application security, such as defining a JWT or explaining the difference between encoding and encryption. They stated that their previous roles mainly involved running tests with various tools and writing reports, without any real technical work.