Information Security News mailing list archives

RE: IT's hottest job? Security expert
From: "Masongsong, Manny" <Manny_Masongsong () canaccord com>
Date: Wed, 20 Jun 2001 18:06:55 -0700

I agree with you.

I've been in security since the late 1970's beginning with setting up of TSO
accounts, then RACF, then CA-Top Secret, then dial-up protection devices,
then LAN security, developed security policies, implemented VPNs, IDS,
firewalls, security on Windows, UNIX, Tandem, AS400, etc., etc. and have
helped set up national standards on shared-ATM network security, etc. I
stood in front of company executives explaining what this stuff's all about
and asked them for money for my security projects. I've battled with
sysadmins and programmers about their unlimited production access. Many
times I stay up late going over security logs or jump when my pager
signalled an alert from our intrusion detection system. I've dealt with
internal and external auditors and made reports to our insurers about our IT
protection. I managed a team of technical experts, security administrators,
disaster recovery coordinator, etc., etc. and trained them well to make sure
they know their stuff.

I taught this stuff in college and spoke at various conferences and have
been a chairman of a computer security association for 14 years. I've done
security continuously for over 20 years over ever-changing technologies, and
yet I have never considered myself an expert because things always change
and I find that there's always something new for me to learn, or that
somebody always knows more than I do. Now, I watch the TV and they interview
some network administrator or a recent grad who has just installed an
anti-virus software or someone who has read about hacking in Playboy
magazine or a newbie who has written his first HTML code or someone who just
learned to play with "hack-a-tack" and call them all "security experts". I
really don't know where we should draw the line. Security is such a
wide-ranging field that it would really be hard to become a true expert at
it. I agree that the word "expert" has been misused.

My 2 cents.

Thank you.


Manny R. Masongsong
Corporate Technology Security Manager
Information Technology
Canaccord Capital Corporation
P.O. Box 10337 Pacific Centre
2200-609 Granville Street
Vancouver BC Canada V7Y 1H2
Tel: 604.643.7757, Fax: 604.643-7374
Website: www.canaccord.com
E-mail: manny_masongsong () canaccord com

-----Original Message-----
From: Robert G. Ferrell [mailto:root () rgfsparc cr usgs gov]
Sent: Tuesday, June 19, 2001 9:21 AM
To: isn () securityfocus com
Subject: Re: [ISN] IT's hottest job? Security expert

Indeed, some experts wonder if the dearth isn't one of the
reasons that hacks and intrusions are up some 50 percent from last
year alone.

Another reason might be that a large percentage of security "experts" 
in the industry have read a couple of books and got their jobs 
by wowing the HR people with terms like "granularity" and "IPSec," 
but in fact have little to no practical experience on the front lines. 
The term "expert" has become so diluted by constant misapplication that 
it means nothing.  An "expert" these days is absolutely anyone who gets 
their name in the same news story where computers are mentioned.

I'll give you an example of this phenomenon.  My current "active" 
ISN archive goes back to 23 April 1999.  A grep of that archive 
for the word "expert" returns 1,174 lines containing that term.  
Granted, some of these people probably do fit the traditional 
definition of "expert."  But I'd be willing to bet all five of 
the Wilderness AT tires on my truck that the majority of them don't. 

"Hacker" has lost its meaning.  "Expert" is rapidly degenerating.  
As someone pointed out to me recently, "Baud" suffered the same 
erosive fate a few years ago. 

Why do I care?  I think James Thurber put it very well:

        Ill fares the land, to galloping fears a-prey, 
        When gobbledygook accumulates, and words decay.

Defending the semantics of the English (oops, American) 
language is a tough and thankless job, but some fool has to do it.
'Are we not men? We are Devo.'

You may now leave the room, in single file.  No shoving.



Robert G. Ferrell, CISSP
 Who goeth without humor goeth unarmed.

ISN is hosted by SecurityFocus.com
To unsubscribe email isn-unsubscribe () SecurityFocus com 