WE NEED SECURITY PROS ZOMGWTFBBQ

Started by deanwebb, April 17, 2015, 09:23:11 AM

Previous topic - Next topic

icecream-guy

I read the SANS ISC web site almost every day.  I like security and all, but they go deep sometimes, to places I wouldn't want to go as a professional. It takes a special mindset to get waist deep in the security trenches, and I can't see any entry level security professionals going there, at least without significant training.
:professorcat:

My Moral Fibers have been cut.

deanwebb

True, true. But that may be what we have to do, given how there's such a massive demand... and it's not like lots of money attracts people to a job. There are unfilled jobs in R&S, just as in security, but people leave off of a networking career because "it's hard" and "there seems to be lots of math".
Take a baseball bat and trash all the routers, shout out "IT'S A NETWORK PROBLEM NOW, SUCKERS!" and then peel out of the parking lot in your Ferrari.
"The world could perish if people only worked on things that were easy to handle." -- Vladimir Savchenko
Вопросы есть? Вопросов нет! | BCEB: Belkin Certified Expert Baffler | "Plan B is Plan A with an element of panic." -- John Clarke
Accounting is architecture, remember that!
Air gaps are high-latency Internet connections.

icecream-guy

#32
Quote from: deanwebb on May 05, 2015, 11:17:36 AM
True, true. But that may be what we have to do, given how there's such a massive demand... and it's not like lots of money attracts people to a job. There are unfilled jobs in R&S, just as in security, but people leave off of a networking career because "it's hard" and "there seems to be lots of math".

so rather than it's being hard,  they are going to reverse engineer some malware, to determine what it's actually doing?
is that _not hard_?  I've never done it. so I don't know if it's hard or not. Ya really gotta be a detective and really good at puzzles.  I See the demand,  I also see the workload,  for myself I don't want to go down that road.

I'm quite happy working with Cisco announcements, CVE's, Nessus scans, to determine vulnerabilities on my devices, analyzing the announcements, and verifying devices and configs to determine if the device is actually vulnerable, looking at services, mitigating, or reading release notes, doing bug searches, downloading, testing, staging new code,  scheduling outages, sending notifications, performing IOS upgrades, and verifying that the device is no longer vulnerable.   This keeps me quite busy. It one of my major tasks here where I work, by default, because nobody else wants to do it.  but I enjoy it. but that's as deep into security as I really desire to go.  it's alot of work, especially these days with the number of Cisco advisories that are being updated every few days.  But this is a great way for someone to get their feet wet, before moving into the hardcore security analyst position.

'
:professorcat:

My Moral Fibers have been cut.

deanwebb

Quote
because nobody else wants to do it

Honestly, I wonder how much I can get away with because it'll be so hard finding my replacement... but my sense of professional pride keeps me from exploring that temptation.
Take a baseball bat and trash all the routers, shout out "IT'S A NETWORK PROBLEM NOW, SUCKERS!" and then peel out of the parking lot in your Ferrari.
"The world could perish if people only worked on things that were easy to handle." -- Vladimir Savchenko
Вопросы есть? Вопросов нет! | BCEB: Belkin Certified Expert Baffler | "Plan B is Plan A with an element of panic." -- John Clarke
Accounting is architecture, remember that!
Air gaps are high-latency Internet connections.