Security's Everyman

Friday, October 13, 2006

Today's Thoughts

The Value of Certification

Martin McKeay has a good article on CW about certification. In it he talks about how certification is really nothing more than a piece of paper that says that you study and test well. I can't count the number of times that I've worked with someone who was certified in various technology areas yet they couldn't apply their so-called knowledge to real world technology and problems. I think certification is a good thing, but it's too easy in many cases and needs to be backed up by real world experience. As I'm sure we all know, some of the sharpest and best technology professionals have never been certified in any field. They just go out and do the work and do it right.

Spammers vs. ICANN

I'm all for Spamhaus and others who put up a good fight against spammers. I'm also not a big fan of lawsuits just for the sake of getting to play your way. I'm really not in favor of the courts trying to force their opinion on a US company that has the potential for such widespread controversy. Not only does this involve companies in 3 different countries, but it involves the world. SPAM and the Internet are worldwide issues and can't be treated like a US-only problem. Check out this CW article by Robert McMillan to read more on this.

User Education

This article on CNet News caught my attention. It's about the futility of user education. I'm a big fan of user education. Not because I think that it's all that effective, but because I think that part of my job as a security professional is to teach others how to be more secure. Even if a lot of it goes in one ear and out the other. I like sharing my knowledge and I know that it helps a lot of people and that makes it worth it. Although I do want to replace some users' computers with a Palm M105 and an etch-a-sketch.

At Work

We are in the midst of MAJOR changes at work. Many of them are contingent on a couple of things that are still up in the air. We are having to plan for 3 or 4 different scenarios and they range from drastic differences to minor changes. What I like about this is that it keeps me on my toes and I'm rarely bored. It also gives me the opportunity to delve into areas that are not in my normal day-to-day responsibilities. As I mentioned before, I like to stay on top of issues that may come back and bite me either directly or indirectly. Regulatory and compliance issues have a real chance of doing that. What is frustrating about that is trying to sort through all the legalese to get to the meat of what a regulation requires. Some of them are well summarized with documents that take you right to the heart of what you need to know. Some of them though are brutal and require either a good imitation or lots of money to figure out what you need to know. But like I said, it keeps me on my toes. Especially as I'm close to taking the CISSP test, all of this extra work gives me the opportunity to stay sharp in this area. Of course there are also those times when I've just finished several hours or days of work on a plan only to find out that my boss just came from a meeting where things were changed that totally void my plan or cause me to make major revisions. Oh yeah, the really good thing about these changes is that some of them will force the company to implement some things that I've been pushing for since I've been there. It can only go uphill from here.


Creative Commons License
This work is licensed under a Creative Commons Attribution-NC-SA 3.0.