Re: [ISN] IT's hottest job? Security expert

From: Kelley Walker (kwalker2at_private)
Date: Wed Jun 20 2001 - 00:40:54 PDT

    At 11:20 AM 6/19/01 -0500, Robert G. Ferrell wrote:
    > >Indeed, some experts wonder if the dearth isn't one of the
    > >reasons that hacks and intrusions are up some 50 percent from last
    > >year alone.
    >Another reason might be that a large percentage of security "experts"
    >in the industry have read a couple of books and got their jobs
    >by wowing the HR people with terms like "granularity" and "IPSec,"
    >but in fact have little to no practical experience on the front lines.
    >The term "expert" has become so diluted by constant misapplication that
    >it means nothing.  An "expert" these days is absolutely anyone who gets
    >their name in the same news story where computers are mentioned.
    Of course, you need to remember that it's the media using those terms, 
    mainly. Which is not to say that what you're saying is wrong.  Of course, I'm 
    fully aware that people have leveled a similar charge against the firm I 
    work for. I happen to think, however, that we don't misrepresent ourselves 
    in terms of what we do: security awareness training, mainly working with 
    'meatspace'. :)
    This debate, in more abstract terms, frequently emerges (and not just in 
    this field) and I find it particularly interesting since it's a field that 
    tends to abjure formal training and book learning. As such, the lack of 
    formal credentializing processes is lauded (and let's face it, there is 
    such a thing as credential inflation anyway), but at the same time it means 
    that the field is ripe for such exploitation.
    Historically, modern professions tend to face just such a crisis or 
    tension: antipathy to formalized credentials, valorization of 
    hands-on-training, encroachment of charlatans and quacks.  The medical 
    profession dealt with such problems, and garnered a great deal of political 
    power by organizing the AMA and associated professional societies such as 
    the APhA.  Perhaps a more related example can be found in the history of 
    the engineering profession.
    At any rate, since before your archives began, a great piece by Fred 
    The Seedy Side of Security
    by Fred Cohen
    Series Introduction
    Over the last several years, computing has changed to an almost purely 
    networked environment, but the technical aspects of information protection 
    have not kept up. As a result, the success of information security programs 
    has increasingly become a function of our ability to make prudent 
    management decisions about organizational activities. Managing Network 
    Security takes a management view of protection and seeks to reconcile the 
    need for security with the limitations of technology.
    Kelley Walker
    Organizational Researcher/Technical Writer
    Interpact, Inc. Security Awareness
    Interpact sponsors InfowarCon, 9/5-6, Washington, D.C.

    This archive was generated by hypermail 2b30 : Thu Jun 21 2001 - 02:30:16 PDT