OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
RE: [ISN] IT's hottest job? Security expert

From: Masongsong, Manny (Manny_Masongsongcanaccord.com)
Date: Wed Jun 20 2001 - 20:06:55 CDT

I agree with you.

I've been in security since the late 1970's beginning with setting up of TSO
accounts, then RACF, then CA-Top Secret, then dial-up protection devices,
then LAN security, developed security policies, implemented VPNs, IDS,
firewalls, security on Windows, UNIX, Tandem, AS400, etc., etc. and have
helped set up national standards on shared-ATM network security, etc. I
stood in front of company executives explaining what this stuff's all about
and asked them for money for my security projects. I've battled with
sysadmins and programmers about their unlimited production access. Many
times I stay up late going over security logs or jump when my pager
signalled an alert from our intrusion detection system. I've dealt with
internal and external auditors and made reports to our insurers about our IT
protection. I managed a team of technical experts, security administrators,
disaster recovery coordinator, etc., etc. and trained them well to make sure
they know their stuff.

I taught this stuff in college and spoke at various conferences and have
been a chairman of a computer security association for 14 years. I've done
security continuously for over 20 years over ever-changing technologies, and
yet I have never considered myself an expert because things always change
and I find that there's always something new for me to learn, or that
somebody always knows more than I do. Now, I watch the tv and they interview
some network administrator or a recent grad who has just installed an
anti-virus software or someone who has read about hacking in Playboy
magazine or a newbie who has written his first HTML code or someone who just
learned to play with "hack-a-tack" and call them all "security experts". I
really don't know where we should draw the line. Security is such a
wide-ranging field that it would really be hard to become a true expert at
it. I agree that the word "expert" has been misused.

My 2 cents.

Thank you.

Manny

Manny R. Masongsong
Corporate Technology Security Manager
Information Technology
Canaccord Capital Corporation
P.O. Box 10337 Pacific Centre
2200-609 Granville Street
Vancouver BC Canada V7Y 1H2
Tel: 604.643.7757, Fax: 604.643-7374
Website: www.canaccord.com
E-mail: manny_masongsongcanaccord.com

-----Original Message-----
From: Robert G. Ferrell [mailto:rootrgfsparc.cr.usgs.gov]
Sent: Tuesday, June 19, 2001 9:21 AM
To: isnsecurityfocus.com
Subject: Re: [ISN] IT's hottest job? Security expert

>Indeed, some experts wonder if the dearth isn't one of the
>reasons that hacks and intrusions are up some 50 percent from last
>year alone.

Another reason might be that a large percentage of security "experts"
in the industry have read a couple of books and got their jobs
by wowing the HR people with terms like "granularity" and "IPSec,"
but in fact have little to no practical experience on the front lines.
The term "expert" has become so diluted by constant misapplication that
it means nothing. An "expert" these days is absolutely anyone who gets
their name in the same news story where computers are mentioned.

I'll give you an example of this phenomenon. My current "active"
ISN archive goes back to 23 April 1999. A grep of that archive
for the word "expert" returns 1,174 lines containing that term.
Granted, some of these people probably do fit the traditional
definition of "expert." But I'd be willing to bet all five of
the Wilderness AT tires on my truck that the majority of them don't.

"Hacker" has lost its meaning. "Expert" is rapidly degenerating.
As someone pointed out to me recently, "Baud" suffered the same
erosive fate a few years ago.

Why do I care? I think James Thurber put it very well:

        Ill fares the land, to galloping fears a-prey,
        When gobbledygook accumulates, and words decay.

Defending the semantics of the English (oops, American)
language is a tough and thankless job, but some fool has to do it.
'Are we not men? We are Devo.'

You may now leave the room, in single file. No shoving.

Cheers,

RGF

Robert G. Ferrell, CISSP
========================================
 Who goeth without humor goeth unarmed.
========================================

ISN is hosted by SecurityFocus.com
---
To unsubscribe email isn-unsubscribeSecurityFocus.com.

ISN is hosted by SecurityFocus.com
---
To unsubscribe email isn-unsubscribeSecurityFocus.com.