RE: Information Security Knowledge Overload - Swimming in a sea of whitepapers.

["Blake Wiedman" <bwiedman () iconsinc com>]

Just wanted to say thank you to all of the individuals who have given me
suggestions for programs.  Keep them coming, I'll test each one and
inform the list as to the faults and benefits of each ;-)

Blake 

-----Original Message-----
From: aoratos [mailto:aoratos () wideopenwest com] 
Sent: Saturday, June 05, 2004 2:58 AM
To: Blake Wiedman
Cc: security-basics () securityfocus com
Subject: Re: Information Security Knowledge Overload - Swimming in a sea
of whitepapers.

Blake Wiedman wrote:
> List,
>
> As a security consultant and long time administrator I have amassed a
> huge collection of vulnerability announcements, whitepapers, product
> manuals, ebooks, personel case studies, product reviews, research
> papers, and notes.  As this has grown into the multiple gig folder
size
> I am at the point where finding the info I need has become a timely
> task.  I was wondering how my peers are handling the mass of
information
> I know you are collecting.  Is there a product, organization method,
or
> tribal ritual <grin> you are using to datamine/find what you are
looking
> for.  I know a lot of products exist but most are for the enterprise
or
> are only web enabled.  As any consultant knows its better to be self
> sustained then require a net connection on a client site.  Does anyone
> have a personnel product recommendation or method they use to keep
track
> of it all.  Windows or Linux is fine, free or commercial I am at home
in
> both and open to ideas.
>
> Blake

Blake, I am in the same boat.  I got fed up with the 2GB of material 
like you mentioned AND the 800MB of wordlists and tools "I might need 
sometime" or "I want to check out next time I'm bored in an airport".

I tried out a few document management programs ("Columbus" is the only 
one that comes to mind).  I found them too bulky, they were more geared 
for managing all documents in a company.  Another thing I didn't like is

that many required you to check docs into a database for tracking.

Just last week I downloaded a program called OrgaDoc 
(http://savannah.gnu.org/projects/orgadoc)  I have not used it yet. 
What looks promising is that it doesn't require an SQL server to track 
the documents.  It looks like it generates XML docs for each of your 
document subdirectories which can be edited to include author, date, etc

for the document.  My hope is that it does NOT generate an XML file for 
each and every HTML file in an HTML-format book.

I wish I could give you a concrete solution.  Please let me know if any 
good answers come to you off-list.

Aoratos

P.S. I also downloaded TreePad.  I think it is more for Personal 
Information Management for things like phone numbers, notes, directions,

etc.  I need that too (my Handspring is getting crowded).  Hopefully I 
can get weekend time to play with these tools.


---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off 
any course! All of our class sizes are guaranteed to be 10 students or less 
to facilitate one-on-one interaction with one of our expert instructors. 
Attend a course taught by an expert instructor with years of in-the-field 
pen testing experience in our state of the art hacking lab. Master the skills 
of an Ethical Hacker to better assess the security of your organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------