Date: Tue Dec  6 17:05:45 2005
From: pwicks at oxygen.com (J. Patterson Wicks)
Subject: IT security professionals in demand in 2006

What does being able to write code have to do with physically securing a
data center?  What does being able to write code have to do planning for
disaster recovery?  There is more to IT security than exploits and
viruses.  Business (both big and small) need professionals to interface
with the different divisions within an organization.  I don't know a lot
of security professionals that can explain the mechanism used by a virus
to circumvent AV software detection.  I also don't know a lot of coders
who can explain to the legal department the SOX standards for email and
IM retention.  Most of my "security professional" peers operate at the
mid-to-upper management level and must provide a secured environment to
many sites throughout the country.  Although some of my peers were
originally coders, only a fraction of their time now involves coding, if
at all. 

 

"Security professionals" fill a lot of different roles for a lot of
different organizations.  Just like there are generalists when it comes
to the medical profession, there are generalist in the security
profession who use automated tools.  If the security professional
detects strange code during his/her automated scan, they would then
consult with a security professional with a strong coding background to
fix any problem that might be occurring.  Just as a general practitioner
consults with an oncologist if he thinks that his patient has cancer.

 

As the previous poster stated, the business must hire the right person
for the job.  If the business has an in-house "security professional",
the business must make sure that the person has enough integrity to
"know when he/she does not know enough", and that he/she will consult
with specialized security personnel as needed.  

 

________________________________

From: full-disclosure-bounces@...ts.grok.org.uk
[mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf Of 6ackpace
Sent: Tuesday, December 06, 2005 4:20 AM
To: gautam.singh+spam@...il.com
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: [Full-disclosure] IT security professionals in demand in
2006

 

Certification have their place in the industry.it is a base line to
judge a person and his technical knowledge.

yes i agree to you all about the fact that people with little knowledge
or no knowledge doing this certifications.Also they this certificates
require some prerequisites to write.

 

bottom line:it's up to the industry to select right person for right
jobs.

 

thank you

 

6ackpace


 

On 12/6/05, Gautam R. Singh <gautam.singh@...il.com> wrote: 

"do we need to code our own OS to be an OS/System administrator" :-P

 

I think well u usually dont, but u should know the "inner workings" of
it :)

But it always good if u code ur own os :)

 

On 12/5/05, sk <sk@...undzero-security.com > wrote: 

CISSP is bullshit. as eeye said 99% of the security consultants do their
pen-tests with automated tools which is pathetic in my opinion. 
if you cant write exploits, you are no professional, more like a steam
blower. how can someone be professional when he doesnt
even understand how an exploit works in deep? what if there are custom
scripts or exotic daemons installed? without beeing able to audit 
code and understand how certain bugs are beeing exploited, how can
someone
think he got enough clue to do a professional security audit?
its just a rip off of the customers as simple as that. or would you pay
someone to run an automated tool against your host, sit back and wait
till a nice pdf statistic is generated so he got something to present to
you? of course you wouldnt. in the 90s the people still had to learn on
their own and all the mainstream hackers who speak at your conventions
didnt
learn their knowledge from stupid class rooms.
everyone who thinks hes a security professional or even a hacker after
he
made some certs, is just living in a dream world. 
then again the media plays well with the steam blowers so they can make
a
nice living..
sorry i just had to say that since its going on my nerves how all these
people suddenly think their stupid certs make em special, but then if 
it comes to knowledge everyone is cluless...

-sk
----- Original Message -----
From: "Ivan ." < ivanhec@...il.com <mailto:ivanhec@...il.com> >
To: < full-disclosure@...ts.grok.org.uk
<mailto:full-disclosure@...ts.grok.org.uk> >
Sent: Monday, December 05, 2005 3:01 AM 
Subject: [Full-disclosure] IT security professionals in demand in 2006


> http://www.computerworld.com.au/index.php/id;923889191;fp;16;fpid;0
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/ 
>

_______________________________________________
Full-Disclosure - We believe in it. 
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/ 




-- 
http://gautam.name <http://gautam.name/> 
+91 9885677919

:wq! 
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

 


This e-mail is property of Oxygen Media, LLC.  It is intended only for the person or entity to which it is addressed and may contain information that is privileged, confidential, or otherwise protected from disclosure.  Distribution or copying of this e-mail or the information contained herein by anyone other than the intended recipient is prohibited.  If you have received this e-mail in error, please immediately notify us by sending an e-mail to postmaster@...gen.com and destroy all electronic and paper copies of this e-mail.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20051206/03812b22/attachment.html

Powered by blists - more mailing lists