funsec mailing list archives

Re: Citizen cyber-protectors?

From: Kyle Creyts <kyle.creyts () gmail com>
Date: Thu, 19 Jul 2012 04:24:38 -0700

I am part of the 1%.
On Jul 19, 2012 2:31 AM, "Drsolly" <drsollyp () drsolly com> wrote:

If someone can't be bothered to write their thoughts down, and require me
to spend 20 minutes to watch a video giving views that I could have read
in one minute, then I'm not going to devote my time to listen to them.

Since I haven't heard what he has to say, I cannot comment on his views.
Except to point out that 99% of people are as interested in computer
security as they are in beetle collecting. And anything that depends on
them being more interested than that, or better informed, is doomed.

On Wed, 18 Jul 2012, Rob, grandpa of Ryan, Trevor, Devon & Hannah wrote:

Marc Goodman (who I believe is https://twitter.com/FutureCrimes and
http://www.futurecrimes.com/ ) gave a recent TED talk on trends in the

use of

high technology in crime:

http://www.ted.com/talks/marc_goodman_a_vision_of_crimes_in_the_future.html


The 20 minute talk is frightening, with very little in the way of

comfort for the

protection or security side.  He ends with a call for crowdsourcing of

protection.


Now as a transparent society/open source/full disclosure kind of guy, I

like the

general idea.  But, as someone who has been involved in education,

security

awareness, and professional security training for some time, I see a few

problems.

For crowdsourcing to work, you need a critical mass of at least

minimally capable

people.  When you are talking about a weather reporting app, that minimal
capability isn't much. When you are talking about detecting cyberwar or
bioweapons, the capability levels are a bit different.

Just yesterday the PNWER (Pacific NorthWest Economic Region
http://www.pnwer.org/ ) conference became the latest to bemoan the lack

of

trained employees.  I rather suspect these constant complaints, since I

see lots of

people out of work.  But the people who are whining about employees are

just

looking for network admins and such.  We need people with more depth and

more

breadth in their backgrounds.  I get CISSP candidates in my seminars who

are

network admins who simply want to know a few ACLS for firewalls.  I have

to

keep telling them that security professionals need to know more than

that.


Yes, I am privileged to be able to meet a number who *are* interested in

learning

everything possible in order to meet any need or problem.  But,

relatively

speaking, those are few.  And my sample set tends to be abnormal, in

that these

are people who have already shown some interest in training (even if

only job

related).  What Goodman is talking about is the general public.  And

those of us

who have actually tried security awareness know how little conceptual

awareness

we have to build on, let alone advanced technical knowledge.

I think awareness, self-protection, and crowdsourcing is probably the

only good

way to approach the problems Goodman outlines.  I just worry that we

have a long

way to go.

http://blogs.securiteam.com/index.php/archives/1793

======================  (quote inserted randomly by Pegasus Mailer)
rslade () vcn bc ca     slade () victoria tc ca     rslade () computercrime org
On Friday, January 23rd, 2004, in a speech at the World Economic
Forum in Davos, Switzerland, Bill Gates stated `Two years from
now, spam will be solved.'
victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links
http://blogs.securiteam.com/index.php/archives/author/p1/
http://twitter.com/rslade
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

Current thread:

Citizen cyber-protectors? Rob, grandpa of Ryan, Trevor, Devon & Hannah (Jul 18)
- Re: Citizen cyber-protectors? Drsolly (Jul 19)
  - Re: Citizen cyber-protectors? Kyle Creyts (Jul 19)
    - Re: Citizen cyber-protectors? Drsolly (Jul 19)
    - Re: Citizen cyber-protectors? Kyle Creyts (Jul 19)
    - Re: Citizen cyber-protectors? Drsolly (Jul 19)
    - Re: Citizen cyber-protectors? michael.blanchard (Jul 19)
    - Re: Citizen cyber-protectors? Drsolly (Jul 19)
    - Re: Citizen cyber-protectors? michael.blanchard (Jul 19)
    - Re: Citizen cyber-protectors? valdis . kletnieks (Jul 19)
    - Re: Citizen cyber-protectors? Drsolly (Jul 19)
    - Re: Citizen cyber-protectors? Rob, grandpa of Ryan, Trevor, Devon & Hannah (Jul 19)
    - Re: Citizen cyber-protectors? Kyle Creyts (Jul 19)