Full Disclosure mailing list archives

RE: Where to start

From: "Curt Purdy" <purdy () tecman com>
Date: Tue, 9 Mar 2004 10:45:11 -0600

Aschwin Wesselius wrote:

Does a good security-officer have to know everything about
every hole?


If that were true there would be no sec-offs.

If I see lists and forums about network-security it seems
that everybody
knows a lot and has a huge reference base. Is this true?


Although I don't pretend to be "an expert", knowledge tends to come in one
of two flavors, narrow and deep, and wide and shallow.  I find in my field
it is best to have as wide a knowledge as possible while continually working
to deepen it as much as possible.  Security researches may argue with this
because of their need to focus on coding.  I would not argue with this but
Perl is about as deep as I go there.

I also would not argue with schooling, though I have had none since
graduating college in '76 (when I went back to visit the next year, walked
in and saw the punch card machines replaced by green screens and everyone
interactively entering code straight into the mainframe, I thought it was
the most amazing technological transformation in history).  I prefer the
school of hard-knocks and have the grey hair to prove it ;)

Just because there are discussions, it seems that there is not one
overall and central way of keeping track of evolving issues. How do
people keep track easily with up to date best practices and not get
distracted by "old" advisory?


I'm waiting for Google to write a search engine for brains.  Until then a
Palm will have to do along with Fish Oil (the only natural source of the
same protiens your brain is made of, and goog for your heart too.  And also
the reason human ancestors that were coastal dwellers beat out Neanderthals
that were hunters).

Sorry for rambling.

Curt Purdy CISSP, GSEC, MCSE+I, CNE, CCDA
Information Security Engineer
DP Solutions

----------------------------------------

If you spend more on coffee than on IT security, you will be hacked.
What's more, you deserve to be hacked.
-- White House cybersecurity adviser Richard Clarke

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

Where to start Aschwin Wesselius (Mar 09)
- RE: Where to start Curt Purdy (Mar 09)
- Re: Where to start Andrew J Caines (Mar 09)
- RE: Where to start Aditya, ALD [Aditya Lalit Deshmukh] (Mar 10)
  - Re: [11:29:07 security.rc] RE: Where to start Aschwin Wesselius (Mar 10)
- <Possible follow-ups>
- Where to start Andrew Aris (Mar 09)
  - Re: Where to start petard (Mar 09)
  - RE: Where to start Andrew Aris (Mar 10)
    - Looking for MSN Exploit Na7aS (Mar 11)
    - Re: Looking for MSN Exploit Richard Maudsley (Mar 11)
    - Re: Looking for MSN Exploit Byron Copeland (Mar 11)
    - RE: Looking for MSN Exploit Replugge[ROD] (Mar 11)