Re: Paul Asadoorian of PaulDotCom Enterprises / Podcast is ridiculous

[n3td3v <xploitable () gmail com>]

On Wed, Oct 1, 2008 at 9:29 PM,  <Valdis.Kletnieks () vt edu> wrote:
> On Wed, 01 Oct 2008 08:59:16 PDT, Trevow Andrews said:
>
> > No real research has even come out of Paul and Larry
>
> And? So? You *do* realize that "kick-ass researcher" doesn't directly imply
> "kick-ass teacher", right?  Quite often, the best researchers make *really bad*
> teachers, because the same autism-spectrum and ADD issues that allow them to
> focus on things when researching mean they *suck* at presentations.  If
> you've ever been to college, and gotten somebody who's got a zillion papers
> published, but the class sucks because they can't lecture well, you've seen
> this in action.
>
> The second issue is that teaching chews incredible amounts of time, and
> directly impacts how much, if any, research you do - if you're on the road
> 3 weeks of the month teaching, I guarantee that you'll not get much done the
> other week.  Sure, you may have spent 3 weeks teaching a *lot* of people a
> *lot* of material, and had them all actually remember it - but your research
> schedule takes a hit.
>
> The third thing to keep in mind is that "bleeding edge" doesn't always (and
> in fact rarely, if ever) correspond to what's out in the real world. OK, so
> you're peeved because the guy talked about WRT54G and didn't cover Kamikazi.
> Have you bothered to actually *check* what the relative percentages *actually
> in use* are?  Yeah, Kamikazi may be cool, shiny, and uber-leet - but if it's
> only got 5% market share and WRT54G has 95%, maybe he shouldn't be spending
> a lot of time covering Kamikazi.
>
> Yes, SANS presentations often lag behind what's the cutting edge - but they're
> teaching people about stuff they're likely to actually encounter.  When they
> send new cops to police school, they rarely spend lots time on how to pull over
> a Ferrari, but they're hopefully going to learn a *lot* about all the little
> details of pulling over a pickup truck (where to look for stuff in "plain
> sight", where weapons may be stashed, etc).  Why? Because they're going to be
> pulling over dozens of pickup trucks a week, and maybe *once* in their lifetime
> they're going to get to pull over a Ferarri.
>
> You remember that big horrible DNS hole from a few weeks ago?  How many you
> seen in the wild so far?  And how many system you seen that actually gotten
> whacked with a 4-year-old SQL exploit?
>
> Yep, thought so.
>
> (For all I know, these guys may indeed be sucky presenters *and* sucky
> researchers - but I'm getting tired of the  meme that it has to be taught
> by a "leading researcher" for it to be of use - especially when you're trying
> to teach nuts-n-bolts security to Joe Corporate.  And if you think it's that
> easy to teach - start doing it.  Undercut SANS, charge only $1000 per head,
> teach a class of 20 a week.  You're looking at $80K of income *a month*.
> Now ask yourself why there aren't *more* people doing it...)

I take it we can safely say Valdis is a fanboy of Sans and Pauldotcom
then! Its a shame nobody else is.. ;)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/