lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <004701c405f5$e4f9f790$112ea8c0@LUFKIN.DPSOL.COM> From: purdy at tecman.com (Curt Purdy) Subject: Where to start Aschwin Wesselius wrote: > Does a good security-officer have to know everything about > every hole? If that were true there would be no sec-offs. > If I see lists and forums about network-security it seems > that everybody > knows a lot and has a huge reference base. Is this true? Although I don't pretend to be "an expert", knowledge tends to come in one of two flavors, narrow and deep, and wide and shallow. I find in my field it is best to have as wide a knowledge as possible while continually working to deepen it as much as possible. Security researches may argue with this because of their need to focus on coding. I would not argue with this but Perl is about as deep as I go there. I also would not argue with schooling, though I have had none since graduating college in '76 (when I went back to visit the next year, walked in and saw the punch card machines replaced by green screens and everyone interactively entering code straight into the mainframe, I thought it was the most amazing technological transformation in history). I prefer the school of hard-knocks and have the grey hair to prove it ;) > Just because there are discussions, it seems that there is not one > overall and central way of keeping track of evolving issues. How do > people keep track easily with up to date best practices and not get > distracted by "old" advisory? I'm waiting for Google to write a search engine for brains. Until then a Palm will have to do along with Fish Oil (the only natural source of the same protiens your brain is made of, and goog for your heart too. And also the reason human ancestors that were coastal dwellers beat out Neanderthals that were hunters). Sorry for rambling. Curt Purdy CISSP, GSEC, MCSE+I, CNE, CCDA Information Security Engineer DP Solutions ---------------------------------------- If you spend more on coffee than on IT security, you will be hacked. What's more, you deserve to be hacked. -- White House cybersecurity adviser Richard Clarke
Powered by blists - more mailing lists