Dailydave mailing list archives
Re: Can Dave be cloned?
From: robert () dyadsecurity com
Date: Tue, 5 Oct 2004 16:07:27 -0700
Kevin Ponds(kponds () gmail com)@Tue, Oct 05, 2004 at 04:23:58PM -0500:
On the flip side of the coin, what can people coming out of college in a field like this do to make sure their skills are allocated in the right place?
Make sure that you are working while you are still in school. There is a difference between getting the project done well enough to earn a good grade, and getting it done well enough to earn money.
My experience in job hunting (I'm about to graduate college) is that you can either get a job developing security products or using security products. The latter environment is much more prevelant in the college job hunt.
Sad truth is that our industry is saturated with people who can not accurately self assess their own strengths and weaknesses. We have people with no understanding of how computers really work learning how to run automated wizards and passing as security experts. One of our internal mottos at Dyad is "What you do means a lot more than what you say". More to your point though, you can't fully understand what a tool does for you until you try to build one yourself. You'll learn more by writing a sniffer than by simply using one.
This makes it hard for the security college grad. We can either take the F500 corporate job and not use our advanced programming skills, or we can try and try to get on with a company such as Immunity or eEye, which is a very tough battle to fight when corporations are trying to throw money at you.
:) .. at some point you have to pick a primary motivation. Some people are greatly motivated by money. Others are greatly motivated by accomplishment. In order to be the best you can be, you need to quickly pick which motivation to grab on to.
My advice, look where the college graduates will look. Post on SecurityFocus jobs, different security forums and mailing lists, etc. Stay relevant, and don't post job advertisements in low traffic lists that like to stay on subject.
When I'm interviewing candidates I look for accomplishments. If all they have on their resume is a degree, they're far less interesting than if they have contributed to meaningful projects along the way. Most CS college grads will have to unlearn years of habits before they can become usable. There is a huge difference between an exploit writer and a security researcher. While the exploit writer may have a highly honed knack for finding and exploiting a buffer overflow, a security analyst is able to find additional attack vectors outside of the well known problem set. While in college, expose yourself to as many varied things as you possibly can. Join projects, sponsor projects, contribute like mad. When I was in college I played French Horn 7-10 hours a day. I would have done more if I didn't have other homework, classes, sleeping and eating to contend with. Now at work I work 12-16 hour days on average. It takes a great deal of dedication to get really good at anything. Or you can just do the megacorp thing, put in your 8 hours, go home, earn a pension, and never accomplish anything of great worth. You can even make a lot of money doing that. It's all about your priorities and personal motivations. =)
We are interested in computers, but we aren't interested in fumbling around with Crystal Reports all day, and thats what's being shoved down our throats.
I'm not sure if you got the memo, but I'm going to need that TPS report by 4:00pm today... so if you could just do that, that would be great. Robert -- Robert E. Lee CTO, Dyad Security, Inc. W - http://www.dyadsecurity.com E - robert () dyadsecurity com M - (949) 394-2033 _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://www.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- Can Dave be cloned? David Stein (Oct 05)
- Re: Can Dave be cloned? Kevin Ponds (Oct 05)
- Re: Can Dave be cloned? robert (Oct 05)
- Re: Can Dave be cloned? ken_i_m (Oct 06)
- Re: Can Dave be cloned? robert (Oct 05)
- Re: Can Dave be cloned? Jason Lewis (Oct 05)
- Re: Can Dave be cloned? Matt Hargett (Oct 05)
- Re: Can Dave be cloned? Michael Murray (Oct 05)
- Re: Can Dave be cloned? Matt Hargett (Oct 05)
- Re: Can Dave be cloned? Karl Shea (Oct 06)
- Re: Can Dave be cloned? Gadi Evron (Oct 06)
- Re: Can Dave be cloned? David Stein (Oct 06)
- Re: Can Dave be cloned? Gadi Evron (Oct 06)
- Re: Can Dave be cloned? Gadi Evron (Oct 06)
- Re: Can Dave be cloned? David Stein (Oct 06)
(Thread continues...)
- Re: Can Dave be cloned? Kevin Ponds (Oct 05)