RE: [ISN] IT's hottest job? Security expert

From: Masongsong, Manny (Manny_Masongsongat_private)
Date: Wed Jun 20 2001 - 18:06:55 PDT

    I agree with you.
    
    I've been in security since the late 1970's beginning with setting up of TSO
    accounts, then RACF, then CA-Top Secret, then dial-up protection devices,
    then LAN security, developed security policies, implemented VPNs, IDS,
    firewalls, security on Windows, UNIX, Tandem, AS400, etc., etc. and have
    helped set up national standards on shared-ATM network security, etc. I
    stood in front of company executives explaining what this stuff's all about
    and asked them for money for my security projects. I've battled with
    sysadmins and programmers about their unlimited production access. Many
    times I stay up late going over security logs or jump when my pager
    signalled an alert from our intrusion detection system. I've dealt with
    internal and external auditors and made reports to our insurers about our IT
    protection. I managed a team of technical experts, security administrators,
    disaster recovery coordinator, etc., etc. and trained them well to make sure
    they know their stuff.
    
    I taught this stuff in college and spoke at various conferences and have
    been a chairman of a computer security association for 14 years. I've done
    security continuously for over 20 years over ever-changing technologies, and
    yet I have never considered myself an expert because things always change
    and I find that there's always something new for me to learn, or that
    somebody always knows more than I do. Now, I watch the TV and they interview
    some network administrator or a recent grad who has just installed an
    anti-virus software or someone who has read about hacking in Playboy
    magazine or a newbie who has written his first HTML code or someone who just
    learned to play with "hack-a-tack" and call them all "security experts". I
    really don't know where we should draw the line. Security is such a
    wide-ranging field that it would really be hard to become a true expert at
    it. I agree that the word "expert" has been misused.
    
    My 2 cents.
    
    Thank you.
    
    Manny
    
    Manny R. Masongsong
    Corporate Technology Security Manager
    Information Technology
    Canaccord Capital Corporation
    P.O. Box 10337 Pacific Centre
    2200-609 Granville Street
    Vancouver BC Canada V7Y 1H2
    Tel: 604.643.7757, Fax: 604.643-7374
    Website: www.canaccord.com
    E-mail: manny_masongsongat_private
    
    
    -----Original Message-----
    From: Robert G. Ferrell [mailto:rootat_private]
    Sent: Tuesday, June 19, 2001 9:21 AM
    To: isnat_private
    Subject: Re: [ISN] IT's hottest job? Security expert
    
    
    >Indeed, some experts wonder if the dearth isn't one of the
    >reasons that hacks and intrusions are up some 50 percent from last
    >year alone.
    
    Another reason might be that a large percentage of security "experts" 
    in the industry have read a couple of books and got their jobs 
    by wowing the HR people with terms like "granularity" and "IPSec," 
    but in fact have little to no practical experience on the front lines. 
    The term "expert" has become so diluted by constant misapplication that 
    it means nothing.  An "expert" these days is absolutely anyone who gets 
    their name in the same news story where computers are mentioned.
    
    I'll give you an example of this phenomenon.  My current "active" 
    ISN archive goes back to 23 April 1999.  A grep of that archive 
    for the word "expert" returns 1,174 lines containing that term.  
    Granted, some of these people probably do fit the traditional 
    definition of "expert."  But I'd be willing to bet all five of 
    the Wilderness AT tires on my truck that the majority of them don't. 
    
    "Hacker" has lost its meaning.  "Expert" is rapidly degenerating.  
    As someone pointed out to me recently, "Baud" suffered the same 
    erosive fate a few years ago. 
    
    Why do I care?  I think James Thurber put it very well:
    
    	Ill fares the land, to galloping fears a-prey, 
    	When gobbledygook accumulates, and words decay.
    
    Defending the semantics of the English (oops, American) 
    language is a tough and thankless job, but some fool has to do it.
    'Are we not men? We are Devo.'
    
    You may now leave the room, in single file.  No shoving.
    
    Cheers,
    
    RGF
    
    Robert G. Ferrell, CISSP
    ========================================
     Who goeth without humor goeth unarmed.
    ========================================
    
    
    ISN is hosted by SecurityFocus.com
    ---
    To unsubscribe email isn-unsubscribeat_private
    
    
    
    



    This archive was generated by hypermail 2b30 : Thu Jun 21 2001 - 02:36:19 PDT