Specialise to survive?

[cybereagle at gmail.com (Matt Hillman)]

I'm surprised no one has made the argument that security IS a specialisation
within computing hehe. Guess that goes to show how far the field has come
(both computing in general, and computer security). There has to be a
computer scientist laughing at this somewhere.

Anyway, my 2 cents is this: being on the offensive side of security, its
important for me to know as wide a spectrum of things as possible. Every
aspect of security (and even many other things!) enriches my overall
perspective and ability. Things might not be directly connected, but having
a level of understanding and proficiency in seemingly unrelated things can
still help a great deal. This is kind of being a generalist.

However, that doesn't mean I can't specialise as well. To me the real
question is how much to specialise in each thing. And the best balance
depends a lot on what it is you are doing or want to be doing. Now the
original question seemed more focused around how
specialisation/generalisation benefits an individual, but it also helps to
see it in the context of a team. A good team has people with broad knowledge
overall, with certain people who knows certain things in more depth. You can
all pretty much do most jobs, but there are goto guys for stuff too. If you
want to bring it back to an individual level, think about how you could
benefit such a healthy team. Would you be too narrow to deliver different
work, or would you lack an edge of specific knowledge you could bring to the
table, or suitable depth of knowledge.

Another question is how specific a specialisation is. If you have something
highly specific, like Tims example of "forensic analysis of devorak
keyboards for AS/400 systems emulating Apple IIc systems", you probably want
to balance that out with some more generalist tendencies. "reverse
engineering for x86 linux" is less specific, and "reverse engineering" is
less specific again.

Looked at in this way, "specialise or not" doesn't seem to black and white.
Kind of like an ecosystem of skills.

Plus, the hacker in me does whatever is funnest regardless, so a certain
level of generalism isn't a decision, its a curious compulsion ;)


On Sun, Aug 16, 2009 at 9:30 PM, Michael Douglas <mick at pauldotcom.com>wrote:

> I've been pretty surprised, but things went well.  I'm starting to
> believe that most people want to do what's right (provided that it's
> not *that* hard) but they just don't know how.
>
> Full disclosure: I've finally found a big element of success is social
> engineering the folks who I need to attend.  For instance, Clueless
> Carl is an eager eBay buyer, and was one of the first to sign up for a
> talk I titled "eBay the safe way" and the content was mainly just what
> you'd expect... but then toward the end I took a swerve and started
> talking about malicious browser objects and how attackers might steal
> your eBay logins... I saw a dramatic reduction in the number of folks
> who got drive-by downloads.
>
> I'm starting to work on another class about how devs need to sanitize
> user input, we'll see how that goes!  (fingers crossed!)
>
>
>
> On Sun, Aug 16, 2009 at 1:11 PM, Jason Wood<tadaka at gmail.com> wrote:
> > > And that's why I now offer up network 101 classes (and a series of
> > > others) to *anyone* who wants to attend.
> >
> > Mick,
> > I'm glad you made this comment and that you've started doing this.  How
> are
> > the classes going
> > and what impact has it had on Carl and the organization?
> >
> > I've thought a lot about this idea right here, but never gotten off my
> butt
> > to put one together.
> > I've worked with a few Clueless Carls and while I can cuss about them
> real
> > good, I've never
> > done much other than give a terse lecture on why X was a really bad idea.
> >
> > So to jack the thread even further, perhaps I'm not doing enough to make
> > sure Carl doesn't
> > remain clueless.  Carl has the major portion of that responsibility, but
> for
> > the good of my
> > sanity and the organization, some 101 classes may be in order.
> >
> > Jason
> >
> > On Sun, Aug 16, 2009 at 8:38 AM, Michael Douglas <mick at pauldotcom.com>
> > wrote:
> > > Yes, specialists with a lack of skill in other areas can be truly
> > > dangerous.
> > >
> > > Funny & true story (details of where this happened omitted to protect
> > > the guilty)
> > >
> > > One day I saw our IDS system explode with alarms about some truly
> > > horrific network traffic, at the same time, our host monitoring system
> > > started showing web servers winking out of existence.  Evil was afoot.
> > >
> > > As I was about to run to the server room, a DBA we'll call Clueless
> > > Carl came over.  And asked the most horrifying question I've ever
> > > heard.
> > >
> > > Carl: "Mick, I just ran into a strange ping problem.  When I send
> > > pings that are over 2.5 meg in size I'll get a response back once...
> > > but then the rest time out."
> > > Me: (I made a squeaking "urk" type sound) ...  what?
> > > Carl:  You know ping.  I need to test the network. Ping's how you do it.
> > > Me: well... sometimes.  Did you say 2.5 Meg?  As in megabytes? via ping?
> > > Carl: (clearly exasperated) YEAH!  We're having trouble with the TPS
> > > reports... some of the results don't display in the browser right.
> > > Looking at the table the result set is a bit under 2.5 Meg.  So I
> > > wanted to see why the network can't handle data sets that large.  We
> > > have a problem here!
> > > Me: You have no idea!  (evil grin)
> > >
> > >
> > > And that's why I now offer up network 101 classes (and a series of
> > > others) to *anyone* who wants to attend.
> > >
> > >
> > > Sorry to thread jack, but it was too good to pass up!
> > > - Mick
> > >
> > >
> > > On Sun, Aug 16, 2009 at 10:07 AM, Raffi
> > > Jamgotchian<raffi at flossyourmind.com> wrote:
> > > > That's precisely what's wrong about your argument. Your asumption is
> > > > that the generalist doesn't have deep understanding in any subject.
> > > >
> > > > A good generalist can do the work of many people. But the same good
> > > > generalist needs to know when to call in for help.
> > > >
> > > > In my experience, present company excluded of course, specialists that
> > > > are typically so narrow in thinking cause more issues than not.
> > > > Because they don't completely understand the affects on surrounding
> > > > disciplines.
> > > >
> > > > ----
> > > > Raffi
> > > >
> > > > On Aug 16, 2009, at 8:49 AM, Shane Kelly <shane at nightcoder.org>
> wrote:
> > > > > I think you are going to have incompetent people at either side of
> the
> > > > > spectrum.
> > > > > You could argue that generalists are multi-handed specialists / or
> > > > > that specialists do not have sufficient understanding of surround
> > > > > areas.
> > > > > You could also argue that generalists do not have enough technical
> > > > > understanding or patience to pursue a given specialism.
> > > > >
> > > > > It ultimately comes down to how must time and effort people are
> > > > > willing to invest in understanding their acclaimed subject. IMHO, you
> > > > > can not encapsulate peoples skill level at a 100 foot view of there
> > > > > depth into the subject. You need people in both sides of the field.
> > > > > Generalists to have enough knowledge to understand where
> organisations
> > > > > should focus efforts.
> > > > > Specialists to focus on that area and have deep technical knowledge
> of
> > > > > that area to ensure a quality work is performed.
> > > > >
> > > > > In my view, generalists make good sales people, specialists get
> > > > > recognised in the security field for there technical achievements.
> > > > >
> > > > > Shane
> > > > >
> > > > >
> > > > > 2009/8/16 Raffi Jamgotchian <raffi at flossyourmind.com>:
> > > > > > Hear hear. Whether a generalist or a specialist, hubris will bite
> > > > > > you.
> > > > > >
> > > > > > ----
> > > > > > Raffi
> > > > > >
> > > > > > On Aug 15, 2009, at 10:35 PM, Michael Douglas <mick at pauldotcom.com>
> > > > > > wrote:
> > > > > >
> > > > > > > > jack of all trades messed up the environment
> > > > > > >
> > > > > > > OK this is the one area where I wasn't too clear on the earlier
> > > > > > > thread.  I'm assuming that you are competent in everything that you
> > > > > > > say you're going to do.  Unfortunately, this isn't the case.  There
> > > > > > > are many Jerks of All Trades who will mess things up badly.
> > > > > > >
> > > > > > >
> > > > > > > For those who mentioned it above, yes being a generalist does tend
> > > > > > > to
> > > > > > > get you in the small and medium sized businesses... but there are
> > > > > > > exceptions... take my day job for instance.  For those of you who
> > > > > > > don't know, I work at OCLC -- a non-profit library coop.  We're
> what
> > > > > > > I'd consider large.  We have over 72,000 libraries in our
> > > > > > > collective.
> > > > > > > We have a database with holdings information on about 1.2 billion
> > > > > > > (yes
> > > > > > > billion) records (books and other stuff).  We have a few thousand
> > > > > > > servers... yet they hired me...  A generalist!
> > > > > > >
> > > > > > > I'm a generalist... but a big part of my ability to get things
> > > > > > > done is
> > > > > > > admitting what I don't know.  For instance, a big part of my skill
> > > > > > > with forensics is how I DON'T mess up data.  If things get to hairy
> > > > > > > for me, I can wrap things up and call in folks who are better than
> > > > > > > me
> > > > > > > (and remember, there ALWAYS is someone better than you -- thinking
> > > > > > > otherwise is the first step on the path to destruction)
> > > > > > >
> > > > > > > knowing when to sit down and hack or when to walk away is probably
> > > > > > > the
> > > > > > > greatest skill anyone in computers can have!
> > > > > > >
> > > > > > > - Mick
> > > > > > >
> > > > > > >
> > > > > > > On Sat, Aug 15, 2009 at 2:42 PM, John Navarro<jnavtx at gmail.com>
> > > > > > > wrote:
> > > > > > > > Good point Tim!
> > > > > > > > Robert, I do think that a "jack of all trades" type will fit in
> > > > > > > > better to
> > > > > > > > smaller companies, whereas the specialized, from my experience,
> > > > > > > > seem to have
> > > > > > > > a better chance at getting into larger corporations. It was never
> > > > > > > > my
> > > > > > > > intention to be "specialized", but having worked at a firewall
> > > > > > > > vendor it was
> > > > > > > > just easier to find those opportunities that required a specific
> > > > > > > > skillset.
> > > > > > > > Of course it could be that the jack of all trades messed up the
> > > > > > > > environment
> > > > > > > > and they needed someone specialized to come in and clean it up ;)
> > > > > > > >
> > > > > > > > On Sat, Aug 15, 2009 at 8:16 AM, Tim Krabec <tkrabec at gmail.com>
> > > > > > > > wrote:
> > > > > > > > > Don't forget your specialization does not have to be computer/
> > > > > > > > > program
> > > > > > > > > related
> > > > > > > > >
> > > > > > > > > You don't have to specialize in "forensic analysis of devorak
> > > > > > > > > keyboards
> > > > > > > > > for AS/400 systems
> > > > > > > > > emulating Apple IIc systems"
> > > > > > > > > You could specialize in database recovery for small businesses.
> > > > > > > > > Or BCP &
> > > > > > > > > DR for law offices or real estate companies.
> > > > > > > > >
> > > > > > > > > --
> > > > > > > > > Tim Krabec
> > > > > > > > > Kracomp
> > > > > > > > > 772-597-2349
> > > > > > > > > smbminute.com
> > > > > > > > > kracomp.blogspot.com
> > > > > > > > > www.kracomp.com
> > > > > > > > >
> > > > > > > > > _______________________________________________
> > > > > > > > > Pauldotcom mailing list
> > > > > > > > > Pauldotcom at mail.pauldotcom.com
> > > > > > > > > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> > > > > > > > > Main Web Site: http://pauldotcom.com
> > > > > > > >
> > > > > > > >
> > > > > > > > _______________________________________________
> > > > > > > > Pauldotcom mailing list
> > > > > > > > Pauldotcom at mail.pauldotcom.com
> > > > > > > > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> > > > > > > > Main Web Site: http://pauldotcom.com
> > > > > > > _______________________________________________
> > > > > > > Pauldotcom mailing list
> > > > > > > Pauldotcom at mail.pauldotcom.com
> > > > > > > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> > > > > > > Main Web Site: http://pauldotcom.com
> > > > > > _______________________________________________
> > > > > > Pauldotcom mailing list
> > > > > > Pauldotcom at mail.pauldotcom.com
> > > > > > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> > > > > > Main Web Site: http://pauldotcom.com
> > > > > _______________________________________________
> > > > > Pauldotcom mailing list
> > > > > Pauldotcom at mail.pauldotcom.com
> > > > > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> > > > > Main Web Site: http://pauldotcom.com
> > > > _______________________________________________
> > > > Pauldotcom mailing list
> > > > Pauldotcom at mail.pauldotcom.com
> > > > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> > > > Main Web Site: http://pauldotcom.com
> > > _______________________________________________
> > > Pauldotcom mailing list
> > > Pauldotcom at mail.pauldotcom.com
> > > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> > > Main Web Site: http://pauldotcom.com
> >
> >
> >
> > --
> >
> > irc: Tadaka
> > Twitter:  Jason_Wood
> > jwnetworkconsulting.com
> >
> > _______________________________________________
> > Pauldotcom mailing list
> > Pauldotcom at mail.pauldotcom.com
> > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> > Main Web Site: http://pauldotcom.com
> _______________________________________________
> Pauldotcom mailing list
> Pauldotcom at mail.pauldotcom.com
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.pauldotcom.com/pipermail/pauldotcom/attachments/20090818/5a186d81/attachment.htm