Dailydave mailing list archives

Re: Fwd: Re: Security Expert Certificates


From: jan.muenther () nruns com
Date: Tue, 30 Mar 2004 21:41:32 +0200

Heya,

There's absolutely nothing wrong with that, only you're not very likely to
write a good paper on either forensics or intrusion detection unless you
also know how to write exploits :>

Hmm. Whilst I believe I can both code exploits and write passable papers, I 
would take issue with that comment. It depends who your audience is IMHO.

Aaaww c'mon, I thought it was pretty clear I wasn't *that* serious. The
point is I think you're probably not a good forensics engineer without
knowing how to take unknown stuff apart, which requires some assembly skills
you'd also need for exploit construction. 

On a similar note, I'm tired of the approach of IDS being some sort of
automated alerting tool which just rings a bell when something bad happens. 
IDS are expert tools and will always be, and you won't be able to verify and
make any substantial comments on what happened if you don't know how an
exploit works. 

I totally agree on the target audience bit, of course, with regards to the
actual contents of the paper. Only thing is I believe we've all had our
share of people who think they can ignore the backgrounds of technology
(while discussing technical issues) since they have such an excellent view
of the "big picture". Maybe I'm just a frustrated security consultant, but I
see that all the time, and those people are fairly often the ones who also
flunk big time when it comes to, erm, higher-level security questions. 

Of course you need to convince management and the like. However, I think
knowing what you're talking about, even if you abstract it so Mr Suit will
grok it, surely helps the cause. I just don't think anybody needs another
Gartner group report on either IDS or forensics. 

PS No CISSP yet but 35 years as an engineer and a techie so far ;-)

I'm actually planning on getting it now, for very pragmatic reasons - I'm
getting divorced and have to pay alimentation...

Cheers, really, really, no offense intended.

J.
