Although I agree with the base of your point, I think it is worth noting that there are likely plenty of folks underneath him with the knowledge to sway policies and implement them. In other words, a department can still be functional and even successful if their boss listens and applies the ideas offered.
>Although I agree with the base of your point, I think it is worth noting that there are likely plenty of folks underneath him with the knowledge to sway policies and implement them.
True, and while I understand that high level officials do not necessarily need to be able to write code or explain the difference between public and private key crypto, they should have a base level of understanding to make decisions on the materials prepared by their employees.
I don't think someone who isn't familiar with the concept of a USB drive is at that base level of understanding.
I agree - nobody needs to be a crack in any area, but whoever will take decisions needs at least a base understanding of the theme to judge the validity of the foundations on which those recommendations are based upon; anybody could be a manager if blindly following recommendations by subordinates would always end up in the best choice.
EDIT: but "Gpetrium"'s statement is actually still correct ("a department can still be functional and even successful if their boss listens and applies the ideas offered") - maybe from this perspective it's more a "must" for a successful manager, but, after the "listening" comes the "judging" and that MUST be based on own know-how.
Recently saw a pentester post stating that entry occurred when she asked a person to print something from usb which required showing the employee how to identify the usb once plugged in etc. (Baseline may be terrifying)
