Security Basics mailing list archives
Re: Identifying passion for security?
From: "Jason Muskat, GCFA, GCUX, de VE3TSJ" <Jason () TechDude Ca>
Date: Mon, 04 Dec 2006 20:02:29 -0500
Hello,

I know what you mean. I have even seen certified people that don't have a clue what they are doing. Script-kiddies often have more skills.

I would look to community involvement, outside office hours experiences, a multi-disciplined background, and then certs last. Good security people are not trained in school for security. It comes from a further understanding -- putting it all together.

Passionate doesn't mean skilled or experienced, so look for indicators of such. Ask dumb questions such as, "What is a firewall for?", "How much does a stolen laptop cost?", "Is it ok to email customers their receipt?", "Are HTTPS web sites secure?", and such. Expect smart answers to the questions you didn't ask from the above.

Books are 3 years out of date. They are good for ground up learning. I mostly read sites and pick up a book for a deeper level of understanding, such as Exploit Research. This year alone I read 8 books, which is nothing compared to the online-only material that I have read.

Security people need to know the past as well as what is going on today. Zero days are not going to be in a book. The person should be smart, adaptive, and be able to reference past events: "What did you do when the I Love You email worm hit?"

Regards,
--
Jason Muskat | GCFA, GCUX - de VE3TSJ
____________________________
TechDude
e. Jason () TechDude Ca
m. 416 .414 .9934
http://TechDude.Ca/
From: andy cuff <lists () securitywizardry com>
Date: Fri, 01 Dec 2006 22:09:12 +0000
To: <security-basics () securityfocus com>
Subject: Identifying passion for security?
Resent-From: <security-basics-return-42172 () securityfocus com>
Resent-Date: Mon, 4 Dec 2006 10:43:54 -0700 (MST)

Evening,

Showing my age, I'm finding it increasingly difficult to find security geeks who are truly passionate about security. There seems to be a recent trend in unpassionate people chasing either the money, an easy ride or something that isn't as dull as network or system administration.

So how would you identify passion quickly? Personally I like:

What cons have you been to? If they are passionate but poor they would reply none but I'd like to ....

What books have they bought, what tools do they use, what sites do they visit

Email them at night and see how long it takes them to reply

What else?

--
Andy Cuff
Computer Network Defence Ltd
www.SecurityWizardry.com