Security's Everyman

Security's Everyman

Tuesday, November 21, 2006

Fast Security

I'm playing catchup before getting behind with the holidays so I'm posting more than usual today. Plus there is just more out there that is catching my attention today. Like this post from Richard Bejtlich of TaoSecurity. Someone sent him an email asking Richard to impart all of his security wisdom in a quick and simple format. Maybe this guy is a fast learner and could glean all of Richards knowledge in record time. Probably not though. In all likelihood this guy is probably an executive who really thinks that security is that quick and easy. Just kidding, but it does seem that upper management seems to think that we can work miracles.

I've been in IT for 10 years and doing Security for 6 of them. I've read books, attended classes, played with various technologies and such for much of that time and I still am not where I want to be in my skills or knowledge. It seems like I always see someone that knows much more than me. But I keep plugging along learning what I can as I go. I'll be glad to help this guy or anyone else who really wants to learn security (not that I could teach nearly as much as Richard), but there is one condition. They have to realize that it takes work, discipline, lots of time and there are NO shortcuts.

1 comment:

LonerVamp said...

The closest thing to a shortcut would be getting into a job role next to a very experienced person and being thrust right into it headfirst. And even then, it will take years of experience to gain instincts in just the particular role...let alone other areas of security. There's still really no fast track at all to security in general.

RE: Executives, I think this is going to be a pain for a long time, until more technically-savvy executives grow up and into those positions. But even then, they hate to spend money and we all know IT and security require money of some sort. It is sometimes easier to just pretend there are fixed dollar silver bullets or that it is not a problem; pretend it's not there, deny it by not accepting it, and wait until the sky falls or someone comes knocking asking that they meet certain regulations.

Ahh well. Put both of those paragraphs together, and you get a security role that should use limited resources and open source tools, which requires even more investment in time to become proficient. Yikes!

Creative Commons License
This work is licensed under a Creative Commons Attribution-NC-SA 3.0.