Specialise to survive?

[allen.deryke at hushmail.com (allen.deryke at hushmail.com)]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I'm of the opinion that the core question of this tread could be
answered by looking at other industries.  Specialization in any
given industry is entirely driven by demand, and demand fluctuates
easily to outside influence.  In short from a survivability
standpoint, there are more INFOSEC jobs then Penetration Testing
Jobs, and there are certainly more Network Security jobs then
Firewall jobs.  If you hit a rough patch in your career I think you
may want to have a resume handy showing how broad your skill set
is.  That said your specialization(s) are whats going to set you
apart from other potential candidates.

Rather then a jack of all trades master of none, I strive to be a
jack of most trades and master of a few.  A specialist can
certainly be a loose cannon when operating outside of his scope, no
different from a generalist who's in over his head who risks
overlooking critical details.  As professionals we need to not only
recognize our strengths and short comings, but also be willing to
call upon assistance when needed.  This is truly a separate topic
worthy of further discussion.

In my experience at two very large US telecommunication companies;
I would say that a generalist may not be what HR was looking for,
but its certainly what they needed.  Large organizations suffer
huge productivity losses due to over-specialization.  I've spent
far to many hours of my life on a conference bridge of 20-30
specialists that barely understand their role in a more involved
incident response.  Certainly having three different teams assigned
to defining firewall policy, implementing firewall policy, and
documenting firewall policy can quickly make the work environment
less responsive and more bureaucratic.

In summary I would argue in favor of the generalist who's chosen a
specialty to devote 20-40% of his/her focus.  When thinking of
survivability you cannot afford to be short sighted, as your career
develops you will likely become more responsible for broader areas
of an organizations security. That said an experienced generalist
will certainly be able to cover these areas more effectively.  The
is especially important should you develop managerial ambitions.  I
would certainly be afraid of a CISO that spent 20 years only doing
client side anti-virus deployments.

Allen DeRyke

PS.  I would try to remain somewhat vendor neutral regardless of
your specialization, you may never need to know Juniper in a Cisco
environment but when it comes to survivability you would certainly
want to say ?Yes, I know that? rather then ?Well my thing is really
$vendor, but they went out of business?

On Sun, 16 Aug 2009 10:07:00 -0400 Raffi Jamgotchian
<raffi at flossyourmind.com> wrote:
> That's precisely what's wrong about your argument. Your asumption
> is
> that the generalist doesn't have deep understanding in any
> subject.
>
> A good generalist can do the work of many people. But the same
> good
> generalist needs to know when to call in for help.
>
> In my experience, present company excluded of course, specialists
> that
> are typically so narrow in thinking cause more issues than not.
> Because they don't completely understand the affects on
> surrounding
> disciplines.
>
> ----
> Raffi
>
> On Aug 16, 2009, at 8:49 AM, Shane Kelly <shane at nightcoder.org>
> wrote:
>
> > I think you are going to have incompetent people at either side
> of the
> > spectrum.
> > You could argue that generalists are multi-handed specialists /
> or
> > that specialists do not have sufficient understanding of
> surround
> > areas.
> > You could also argue that generalists do not have enough
> technical
> > understanding or patience to pursue a given specialism.
> >
> > It ultimately comes down to how must time and effort people are
> > willing to invest in understanding their acclaimed subject.
> IMHO, you
> > can not encapsulate peoples skill level at a 100 foot view of
> there
> > depth into the subject. You need people in both sides of the
> field.
> > Generalists to have enough knowledge to understand where
> organisations
> > should focus efforts.
> > Specialists to focus on that area and have deep technical
> knowledge of
> > that area to ensure a quality work is performed.
> >
> > In my view, generalists make good sales people, specialists get
> > recognised in the security field for there technical
> achievements.
> > Shane
> >
> >
> > 2009/8/16 Raffi Jamgotchian <raffi at flossyourmind.com>:
> > > Hear hear. Whether a generalist or a specialist, hubris will
> bite
> > > you.
> > >
> > > ----
> > > Raffi
> > >
> > > On Aug 15, 2009, at 10:35 PM, Michael Douglas
> <mick at pauldotcom.com>
> > > wrote:
> > >
> > > > > jack of all trades messed up the environment
> > > >
> > > > OK this is the one area where I wasn't too clear on the
> earlier
> > > > thread.  I'm assuming that you are competent in everything
> that you
> > > > say you're going to do.  Unfortunately, this isn't the case.
> There
> > > > are many Jerks of All Trades who will mess things up badly.
> > > >
> > > >
> > > > For those who mentioned it above, yes being a generalist does
> tend
> > > > to
> > > > get you in the small and medium sized businesses... but there
> are
> > > > exceptions... take my day job for instance.  For those of you
> who
> > > > don't know, I work at OCLC -- a non-profit library coop.
> We're what
> > > > I'd consider large.  We have over 72,000 libraries in our
> > > > collective.
> > > > We have a database with holdings information on about 1.2
> billion
> > > > (yes
> > > > billion) records (books and other stuff).  We have a few
> thousand
> > > > servers... yet they hired me...  A generalist!
> > > >
> > > > I'm a generalist... but a big part of my ability to get things
>
> > > > done is
> > > > admitting what I don't know.  For instance, a big part of my
> skill
> > > > with forensics is how I DON'T mess up data.  If things get to
> hairy
> > > > for me, I can wrap things up and call in folks who are better
> than
> > > > me
> > > > (and remember, there ALWAYS is someone better than you --
> thinking
> > > > otherwise is the first step on the path to destruction)
> > > >
> > > > knowing when to sit down and hack or when to walk away is
> probably
> > > > the
> > > > greatest skill anyone in computers can have!
> > > >
> > > > - Mick
> > > >
> > > >
> > > > On Sat, Aug 15, 2009 at 2:42 PM, John
> Navarro<jnavtx at gmail.com>
> > > > wrote:
> > > > > Good point Tim!
> > > > > Robert, I do think that a "jack of all trades" type will fit
> in
> > > > > better to
> > > > > smaller companies, whereas the specialized, from my
> experience,
> > > > > seem to have
> > > > > a better chance at getting into larger corporations. It was
> never
> > > > > my
> > > > > intention to be "specialized", but having worked at a
> firewall
> > > > > vendor it was
> > > > > just easier to find those opportunities that required a
> specific
> > > > > skillset.
> > > > > Of course it could be that the jack of all trades messed up
> the
> > > > > environment
> > > > > and they needed someone specialized to come in and clean it
> up ;)
> > > > > On Sat, Aug 15, 2009 at 8:16 AM, Tim Krabec
> <tkrabec at gmail.com>
> > > > > wrote:
> > > > > > Don't forget your specialization does not have to be
> computer/
> > > > > > program
> > > > > > related
> > > > > >
> > > > > > You don't have to specialize in "forensic analysis of
> devorak
> > > > > > keyboards
> > > > > > for AS/400 systems
> > > > > > emulating Apple IIc systems"
> > > > > > You could specialize in database recovery for small
> businesses.
> > > > > > Or BCP &
> > > > > > DR for law offices or real estate companies.
> > > > > >
> > > > > > --
> > > > > > Tim Krabec
> > > > > > Kracomp
> > > > > > 772-597-2349
> > > > > > smbminute.com
> > > > > > kracomp.blogspot.com
> > > > > > www.kracomp.com
> > > > > >
> > > > > > _______________________________________________
> > > > > > Pauldotcom mailing list
> > > > > > Pauldotcom at mail.pauldotcom.com
> > > > > > http://mail.pauldotcom.com/cgi-
> bin/mailman/listinfo/pauldotcom
> > > > > > Main Web Site: http://pauldotcom.com
> > > > >
> > > > >
> > > > > _______________________________________________
> > > > > Pauldotcom mailing list
> > > > > Pauldotcom at mail.pauldotcom.com
> > > > > http://mail.pauldotcom.com/cgi-
> bin/mailman/listinfo/pauldotcom
> > > > > Main Web Site: http://pauldotcom.com
> > > > _______________________________________________
> > > > Pauldotcom mailing list
> > > > Pauldotcom at mail.pauldotcom.com
> > > > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> > > > Main Web Site: http://pauldotcom.com
> > > _______________________________________________
> > > Pauldotcom mailing list
> > > Pauldotcom at mail.pauldotcom.com
> > > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> > > Main Web Site: http://pauldotcom.com
> > _______________________________________________
> > Pauldotcom mailing list
> > Pauldotcom at mail.pauldotcom.com
> > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> > Main Web Site: http://pauldotcom.com
> _______________________________________________
> Pauldotcom mailing list
> Pauldotcom at mail.pauldotcom.com
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com
-----BEGIN PGP SIGNATURE-----
Charset: UTF8
Note: This signature can be verified at https://www.hushtools.com/verify
Version: Hush 3.0

wpwEAQMCAAYFAkqILV4ACgkQDIjDYcBm5pbBtAQAnaBIgq4OsorqzzXTDO7p697T+yyN
HvRdMkIwzow9JkQwgYyo8Ob8B7bpRVhLAhoIPqIvU88iyoMW41zTWKHdRqmyAI9pqUZQ
v2lcagrg28NHIKCRNg06nrKcuA5y80gARxZg34+SfZBNBvenucqSGi59914mvMvUzdh6
lSV0BOc=
=zZQp
-----END PGP SIGNATURE-----