Actually I have 10+ years in the field, am a CISSP, and was a CISO in the financial services industry for 6 years.
Saying someone is "only" an "accomplished cryptographer" really diminishes what is required to have the mindset that makes you a good cryptographer
That's precisely the point of view I'm refuting. The kind of mindset you need to be a good cryptographer has little or nothing to do with being good at physical security, network security, or any other field of security. The reason: informations security is composed of disparate fields, related only by the need to maintain C., I., and A.
Because that's what Bruce's background and experience is in. He has never worked in most of the other areas -- he's never held a position doing physical security work. I've got reservations about "security" being all the same thing, and about Bruce being a presumed expert in every area of it. It'd be like a veterinarian doing surgery on a human. Related? Loosely.
Saying someone is "only" an "accomplished cryptographer" really diminishes what is required to have the mindset that makes you a good cryptographer
That's precisely the point of view I'm refuting. The kind of mindset you need to be a good cryptographer has little or nothing to do with being good at physical security, network security, or any other field of security. The reason: informations security is composed of disparate fields, related only by the need to maintain C., I., and A.