Comments on Andy, ITGuy: Security Sins

Andy, ITGuy (2007-03-09T14:06:00-05:00):

Great point Harlan. Too often the lack of understanding (whether from apathy or lack of training) is a major factor in effective incident response. I'm glad to support any effort that will help get good, affordable training in the hands of the front line guys. I hope the book does well. I'll look for it to hit the shelves soon.

H. Carvey (2007-03-09T08:45:00-05:00):

Andy,

Great blog!

Sloth - I've seen a lot of IT guys who struggle with not having the time to do what they need to do, and do it right. I've also worked with IT guys who have stated that they have no intention of learning anything new.

I'd like to throw this out without being seen as too much of a shameless plug. I have a new book coming out next month, "Windows Forensic Analysis". It covers live and post-mortem analysis of Windows systems. I've used that material to put together a workshop through my employer. The idea of the whole thing is to somehow get the necessary knowledge in the hands of the IT guys. One of the greatest obstacles I see to the work I do (emergency response) is a lack of tier 1/front line knowledge on the part of the IT staffs we work with.

Like Cutaway, I'm a former Marine. We had a number of "immediate actions"...things we were trained to do immediately when a problem (M-16 or M-9 jammed, M-60 jammed, etc.) occurred. The goal of the book and workshop is to train IT staffs in immediate actions for IR. Too many times, we've received calls for assistance, only to find out that the IT staff "worked on" the issue for a month or more prior to calling us.

I know from experience that with the right tools and knowledge, those "slothful" IT guys will have a much better reaction time, and the inevitable incidents will be better understood and resolved.

Thanks,

Harlan
http://windowsir.blogspot.com