Information Security News
mailing list archives
Re: IT's hottest job? Security expert
From: Kelley Walker <kwalker2 () gte net>
Date: Wed, 20 Jun 2001 03:40:54 -0400
At 11:20 AM 6/19/01 -0500, Robert G. Ferrell wrote:
>Indeed, some experts wonder if the dearth isn't one of the
>reasons that hacks and intrusions are up some 50 percent from last
Another reason might be that a large percentage of security "experts"
in the industry have read a couple of books and got their jobs
by wowing the HR people with terms like "granularity" and "IPSec,"
but in fact have little to no practical experience on the front lines.
The term "expert" has become so diluted by constant misapplication that
it means nothing. An "expert" these days is absolutely anyone who gets
their name in the same news story where computers are mentioned.
Of course, you need to remember that it's the media using those terms,
mainly. Which is not to say that what you're saying is wrong. Of course, I'm
fully aware that people have leveled a similar charge against the firm I
work for. I happen to think, however, that we don't misrepresent ourselves
in terms of what we do: security awareness training, mainly working with
This debate, in more abstract terms, frequently emerges (and not just in
this field) and I find it particularly interesting since it's a field that
tends to abjure formal training and book learning. As such, the lack of
formal credentializing processes is lauded (and let's face it, there is
such a thing as credential inflation anyway), but at the same time it means
that the field is ripe for such exploitation.
Historically, modern professions tend to face just such a crisis or
tension: antipathy to formalized credentials, valorization of
hands-on-training, encroachment of charlatans and quacks. The medical
profession dealt with such problems, and garnered a great deal of political
power by organizing the AMA and associated professional societies such as
the APhA. Perhaps a more related example can be found in the history of
the engineering profession.
At any rate, since before your archives began, a great piece by Fred
The Seedy Side of Security
by Fred Cohen
Over the last several years, computing has changed to an almost purely
networked environment, but the technical aspects of information protection
have not kept up. As a result, the success of information security programs
has increasingly become a function of our ability to make prudent
management decisions about organizational activities. Managing Network
Security takes a management view of protection and seeks to reconcile the
need for security with the limitations of technology.
Organizational Researcher/Technical Writer
Interpact, Inc. Security Awareness
Interpact sponsors InfowarCon, 9/5-6, Washington, D.C.