Over on the hellhole that is LinkedIn, the following (rhetorical) questions were posted on a thread of mine from someone who read the book and is familiar with my work. Here is what they said... "I've read the problem of security and know your opinions on Certification Bodies as a whole. But for entry level folk just starting their career, they're going to rely on what they are taught. They trust (rightly or wrongly) that what they paid for and were tested on was correct. At what point does it become the individuals fault that they're working off incorrect/outdated principles and not the certification bodies or educators? When is it no longer acceptable to claim ignorance? Or is it never OK and you should understand these problems before stepping into the field or you're doomed to fail?" I have some ideas...but what do you think?