An Information Security Place

Commentary on the State of Information Security
Filed under Musings, Security

I have been thinking about the idea of generalists vs. experts in security (which probably translates into any field). I tend to look at the generalist as a jack-of-all-trades (joat), where the individual knows a wide range of subjects. Some people would say a mile wide and an inch thick, but I think generalists are often much more knowledgeable than they are given credit for. The strength a generalist can lend is a wide variety of experience to help solve problems in many areas. The weakness is if you need a very focused skill or knowledge base, the generalist will probably not have it.

A specialist (or expert) is generally looked at as an inch wide and a mile deep. But unlike the generalist, this is probably a fair statement for most specialists. This person is extremely knowledgeable in one or two areas. The expert can give you advice to likely solve any problem that arises in her area. But experts tend to be very tunnel-visioned and may not be able to help in other areas.

I would say that a generalist has the advantage of being able to fit in many organizations, so the career path for such an individual may be better because of this. I know that I have a fairly broad knowledgebase, and it has helped me in my career because I had experience in a lot of different areas.

However, from the direction of value to the industry, I think experts have an advantage because they can answer in-depth questions with much more certainty than generalists can. If you frequent forums and knowledgebases, you will find that the questions asked there are almost always very pointed questions about a particular product in a particular scenario. This type of question plays into the specialist's hands.

As an example, I can see a huge value in the expert knowledge of the people in Accuvant’s assessment practice.  These people totally kick ass in what they do, and it adds a HUGE amount of value to Accuvant’s offering.

I think generalists tend to end up in roles like security evangelists and pre-sales engineers (though I know a couple of SE’s who are very broad and deep in their knowledge of security).

So I guess you can argue this all day without coming to a consensus. And though I have essentially taken the generalist path in my IT and security career, I don’t think either is “better” than the other. It really depends on your proclivity and your basic talent.

Vet

Posted by Michael Farnum on Saturday, November 18th, 2006