Home page logo

fulldisclosure logo Full Disclosure mailing list archives

RE: Where to start
From: "Curt Purdy" <purdy () tecman com>
Date: Tue, 9 Mar 2004 10:45:11 -0600

Aschwin Wesselius wrote:
Does a good security-officer have to know everything about
every hole?

If that were true there would be no sec-offs.

If I see lists and forums about network-security it seems
that everybody
knows a lot and has a huge reference base. Is this true?

Although I don't pretend to be "an expert", knowledge tends to come in one
of two flavors, narrow and deep, and wide and shallow.  I find in my field
it is best to have as wide a knowledge as possible while continually working
to deepen it as much as possible.  Security researches may argue with this
because of their need to focus on coding.  I would not argue with this but
Perl is about as deep as I go there.

I also would not argue with schooling, though I have had none since
graduating college in '76 (when I went back to visit the next year, walked
in and saw the punch card machines replaced by green screens and everyone
interactively entering code straight into the mainframe, I thought it was
the most amazing technological transformation in history).  I prefer the
school of hard-knocks and have the grey hair to prove it ;)

Just because there are discussions, it seems that there is not one
overall and central way of keeping track of evolving issues. How do
people keep track easily with up to date best practices and not get
distracted by "old" advisory?

I'm waiting for Google to write a search engine for brains.  Until then a
Palm will have to do along with Fish Oil (the only natural source of the
same protiens your brain is made of, and goog for your heart too.  And also
the reason human ancestors that were coastal dwellers beat out Neanderthals
that were hunters).

Sorry for rambling.

Information Security Engineer
DP Solutions


If you spend more on coffee than on IT security, you will be hacked.
What's more, you deserve to be hacked.
-- White House cybersecurity adviser Richard Clarke

Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]