I agree with you.

I've been in security since the late 1970's beginning with setting up of TSO accounts, then RACF, then CA-Top Secret, then dial-up protection devices, then LAN security, developed security policies, implemented VPNs, IDS, firewalls, security on Windows, UNIX, Tandem, AS400, etc., etc. and have helped set up national standards on shared-ATM network security, etc. I stood in front of company executives explaining what this stuff's all about and asked them for money for my security projects. I've battled with sysadmins and programmers about their unlimited production access. Many times I stay up late going over security logs or jump when my pager signalled an alert from our intrusion detection system. I've dealt with internal and external auditors and made reports to our insurers about our IT protection. I managed a team of technical experts, security administrators, disaster recovery coordinator, etc., etc. and trained them well to make sure they know their stuff. I taught this stuff in college and spoke at various conferences and have been a chairman of a computer security association for 14 years.

I've done security continuously for over 20 years over ever-changing technologies, and yet I have never considered myself an expert because things always change and I find that there's always something new for me to learn, or that somebody always knows more than I do.

Now, I watch the tv and they interview some network administrator or a recent grad who has just installed an anti-virus software or someone who has read about hacking in Playboy magazine or a newbie who has written his first HTML code or someone who just learned to play with "hack-a-tack" and call them all "security experts". I really don't know where we should draw the line.

Security is such a wide-ranging field that it would really be hard to become a true expert at it. I agree that the word "expert" has been misused.

My 2 cents. Thank you.

Manny

Manny R. Masongsong
Corporate Technology Security Manager
Information Technology
Canaccord Capital Corporation
P.O. Box 10337 Pacific Centre
2200-609 Granville Street
Vancouver BC Canada V7Y 1H2
Tel: 604.643.7757, Fax: 604.643-7374
Website: www.canaccord.com
E-mail: manny_masongsongat_private

-----Original Message-----
From: Robert G. Ferrell [mailto:rootat_private]
Sent: Tuesday, June 19, 2001 9:21 AM
To: isnat_private
Subject: Re: [ISN] IT's hottest job? Security expert

>Indeed, some experts wonder if the dearth isn't one of the
>reasons that hacks and intrusions are up some 50 percent from last
>year alone.

Another reason might be that a large percentage of security "experts" in the industry have read a couple of books and got their jobs by wowing the HR people with terms like "granularity" and "IPSec," but in fact have little to no practical experience on the front lines.

The term "expert" has become so diluted by constant misapplication that it means nothing. An "expert" these days is absolutely anyone who gets their name in the same news story where computers are mentioned.

I'll give you an example of this phenomenon. My current "active" ISN archive goes back to 23 April 1999. A grep of that archive for the word "expert" returns 1,174 lines containing that term. Granted, some of these people probably do fit the traditional definition of "expert." But I'd be willing to bet all five of the Wilderness AT tires on my truck that the majority of them don't.

"Hacker" has lost its meaning. "Expert" is rapidly degenerating. As someone pointed out to me recently, "Baud" suffered the same erosive fate a few years ago.

Why do I care? I think James Thurber put it very well:

Ill fares the land, to galloping fears a-prey,
When gobbledygook accumulates, and words decay.

Defending the semantics of the English (oops, American) language is a tough and thankless job, but some fool has to do it.

'Are we not men? We are Devo.'

You may now leave the room, in single file. No shoving.
Cheers,

RGF

Robert G. Ferrell, CISSP
========================================
 Who goeth without humor goeth unarmed.
========================================

ISN is hosted by SecurityFocus.com
---
To unsubscribe email isn-unsubscribeat_private
This archive was generated by hypermail 2b30 : Thu Jun 21 2001 - 02:36:19 PDT