Security Basics mailing list archives
Re: Identifying passion for security?
From: krymson () gmail com
Date: 5 Dec 2006 15:19:01 -0000
First of all, I want to say that I *love* this question! (Partly because I'm in a job I don't like and need something new, but also because the question is excellent!) I also think you have some really good ideas already. Talking about cons is excellent, and even if they have not been to any, you can tell when someone truly is interested (talk to me about Defcon or Shmoocon and I'll get this look in my eye and a smile, even though I've yet to successfully attend). Also, sites and tools is an excellent means, as any of us who have passion for this field will usually be happy to talk about it. Maybe not all our IRC channels and hangouts as we tend to be a group the enjoys our privacy and super-secret locations. :) One of my personal little measures is talking about or finding out how someone spends their free time. If they do networking/security/sysadminning only at work and the rest of their evening and weekends are spent on their own life, they may have less passion for the work. Someone who "geeks out" at home as well as work has some passion and enthusiasm. I call it just plain being a geek. I've known people in this field who barely touch computers at home after work and are not geeks, and they typically are not as valuable as geeks. Granted, some people do have lives, families, and things that make them not able to fully feed their inner geek, and that is alright. But most passionate people will have enthusiasm and passion when discussing their inner geek. I would say talk about some key ideas floating around right now, things that can spark some thinking and openness in discussion (over a beer!): - full disclosure - wireless security/future - certifications (CISSP, SANS, CEH...) - cons - describe the security/insecurity of their own network, home or at work (obviously this can be touchy, but give them the trust that you won't blab anything they may tell you if you know their employer); insecure habits may not indicate lack of passion, but chances are they know the right thing to do and just have not had the means/resources/time/backing to do it. "Yeah, I know I should get hooked up with a proxy when I connect to IRC, I just haven't done it yet, too many other things excite me..." or "Yeah, we should block IM on the firewall at work, but every time I do, the CFO cries bloody murder..." - their website/blog (or their fav sites/tools) - what web browser they use - OS preferences/experience (a touchy subject as you never know violent fanboys until you encite them, but still a very revealing subject) <-snip-> Evening, Showing my age I'm finding it increasingly difficult to find security geeks who are truly passionate about security. There seems to be a recent trend in unpassionate people chasing either the money, an easy ride or something that isn't as dull as network or system administration. So how would you identify passion quickly, personally I like what cons have you been to? If they are passionate but poor they would reply none but I'd like to .... What books have they bought, what tools do they use what sites do they visit email them at night and see how long it takes them to reply what else? -- Andy Cuff Computer Network Defence Ltd www.SecurityWizardry.com --------------------------------------------------------------------------- This list is sponsored by: ByteCrusher Detect Malicious Web Content and Exploits in Real-Time. Anti-Virus engines can't detect unknown or new threats. LinkScanner can. Web surfing just became a whole lot safer. http://www.explabs.com/staging/promotions/xern_lspro.asp?loc=sfmaildetect ---------------------------------------------------------------------------
Current thread:
- Identifying passion for security? andy cuff (Dec 04)
- RE: Identifying passion for security? Shain Singh (Dec 06)
- RE: Identifying passion for security? Don Parker (Dec 06)
- Re: Identifying passion for security? Jason Muskat, GCFA, GCUX, de VE3TSJ (Dec 06)
- Re: Identifying passion for security? Morgan Reed (Dec 06)
- Re: Identifying passion for security? Justin Lintz (Dec 06)
- <Possible follow-ups>
- Re: Identifying passion for security? krymson (Dec 06)
- RE: Identifying passion for security? Krpata, Tyler (Dec 08)
- Re: RE: Identifying passion for security? bardotherevolting (Dec 12)
- Re: RE: Identifying passion for security? Yousef Syed (Dec 12)
- RE: RE: Identifying passion for security? Shain Singh (Dec 14)
- Re[3]: Identifying passion for security? Roman Shirokov (Dec 13)
- Re: RE: Identifying passion for security? Yousef Syed (Dec 12)
- RE: Identifying passion for security? krymson (Dec 13)
- RE: Identifying passion for security? andy cuff (Dec 14)
- RE: Identifying passion for security? Joseph McCray (Dec 18)
- Re: Identifying passion for security? jm (Dec 19)
- RE: Identifying passion for security? andy cuff (Dec 14)
- Re: Identifying passion for security? Dagmar d'Surreal (Dec 14)