mailing list archives
RE: Where to start
From: "Curt Purdy" <purdy () tecman com>
Date: Tue, 9 Mar 2004 10:45:11 -0600
Aschwin Wesselius wrote:
Does a good security-officer have to know everything about
If that were true there would be no sec-offs.
If I see lists and forums about network-security it seems
knows a lot and has a huge reference base. Is this true?
Although I don't pretend to be "an expert", knowledge tends to come in one
of two flavors, narrow and deep, and wide and shallow. I find in my field
it is best to have as wide a knowledge as possible while continually working
to deepen it as much as possible. Security researches may argue with this
because of their need to focus on coding. I would not argue with this but
Perl is about as deep as I go there.
I also would not argue with schooling, though I have had none since
graduating college in '76 (when I went back to visit the next year, walked
in and saw the punch card machines replaced by green screens and everyone
interactively entering code straight into the mainframe, I thought it was
the most amazing technological transformation in history). I prefer the
school of hard-knocks and have the grey hair to prove it ;)
Just because there are discussions, it seems that there is not one
overall and central way of keeping track of evolving issues. How do
people keep track easily with up to date best practices and not get
distracted by "old" advisory?
I'm waiting for Google to write a search engine for brains. Until then a
Palm will have to do along with Fish Oil (the only natural source of the
same protiens your brain is made of, and goog for your heart too. And also
the reason human ancestors that were coastal dwellers beat out Neanderthals
that were hunters).
Sorry for rambling.
Curt Purdy CISSP, GSEC, MCSE+I, CNE, CCDA
Information Security Engineer
If you spend more on coffee than on IT security, you will be hacked.
What's more, you deserve to be hacked.
-- White House cybersecurity adviser Richard Clarke
Full-Disclosure - We believe in it.