Firewall Wizards mailing list archives

Re: Who stay focused? (was: [Fwd: Question])


From: Devdas Bhagat <dvb () users sourceforge net>
Date: Mon, 20 Apr 2009 16:53:02 +0530

On Thu, Apr 16, 2009 at 08:09:05PM +0400, ArkanoiD wrote:
<snip>

> Have you noticed those? Those guys who started in early 2000s and who are
> *experienced professionals* now? They are not visionaries, nor scientists

Hey, I resemble that remark.

> (not am I, though), they are not bright minds either. You do not see them
> on any security conferences (well, actually there *are* conferences they
> attend, they are just different ones we consider boring), they do not show

Honestly, if I could afford to travel to a security conference (or two), I
would. At this point, all conference funding comes out of my pocket and
my personal budget is highly limited.

> up on any workgroups or technical committees, they do not invent and more,
> they do not really have a clue to stay on the leading edge (how
> ridiculously does it sound when applied to our pretty conservative field,

That depends on what bits of infosec you consider bleeding edge. For
most applications, the security rules are fairly well known and attacks
don't change all that often.

If you can't fix the holes, and bandages don't work very well, you have
to give up and work on where you can make a change. My current areas of
focus are on outbound filtering (rather than inbound) and education.
Applying Postel's law to networks and networked applications is useful.

The nicest thing about the stock market collapse is that it is a glaring
example of bad things happening. "It would never happen to us" does not
apply in the real world.

Don't try and sell things because they are the right thing to do. That
doesn't work. Pointing out how their lack of security will impact operations
helps (You will be infected by a virus, it will try to propagate and consume
expensive internet bandwidth. You will be blocked for spamming.) Management
doesn't understand security, but they understand reputation.

Most people don't think in terms of worst case scenarios. That's what I
learnt from The Black Swan. We are exceptions to that rule. We think
almost solely in terms of rare, worst case scenarios. I have moved to
waiting for disaster to strike, and then recovering the pieces. Take
my advice and don't blow up, don't take my advice and blow up
spectacularly. If you are lucky, you will be too big to fail.

> but there *is* something like that). They just do their *career*. And
> they do it quite well, even more: they do not give a shit about who you
> are and what can you do - there are other things that count, like "did
> you have a senior management job at company we do respect"
> (no one even cares if you performed there good enough, the single fact
> that you were there is what that counts) and they are always welcome in
> the corporate world.

> So I am just a loser who did not get into that pack in time and now it
> is too late. I did not care about money much and I did not care about
> the career much, I just tried to do something to make this crazy world
> a little bit sane. And I failed epically. There are some positive changes

Meh. Epic failure is better than not trying at all. You never know when
success will happen. Or why. Or how.

Devdas Bhagat
-- 
Slumdog sysadmin