Message-ID: <004701c405f5$e4f9f790$112ea8c0@LUFKIN.DPSOL.COM>
From: purdy at tecman.com (Curt Purdy)
Subject: Where to start

Aschwin Wesselius wrote:
> Does a good security-officer have to know everything about
> every hole?

If that were true there would be no sec-offs.

> If I see lists and forums about network-security it seems
> that everybody
> knows a lot and has a huge reference base. Is this true?

Although I don't pretend to be "an expert", knowledge tends to come in one
of two flavors, narrow and deep, and wide and shallow.  I find in my field
it is best to have as wide a knowledge as possible while continually working
to deepen it as much as possible.  Security researchers may argue with this
because of their need to focus on coding.  I would not argue with this but
Perl is about as deep as I go there.

I also would not argue with schooling, though I have had none since
graduating college in '76 (when I went back to visit the next year, walked
in and saw the punch card machines replaced by green screens and everyone
interactively entering code straight into the mainframe, I thought it was
the most amazing technological transformation in history).  I prefer the
school of hard-knocks and have the grey hair to prove it ;)

> Just because there are discussions, it seems that there is not one
> overall and central way of keeping track of evolving issues. How do
> people keep track easily with up to date best practices and not get
> distracted by "old" advisory?

I'm waiting for Google to write a search engine for brains.  Until then a
Palm will have to do along with Fish Oil (the only natural source of the
same proteins your brain is made of, and good for your heart too.  And also
the reason human ancestors that were coastal dwellers beat out Neanderthals
that were hunters).

Sorry for rambling.

Curt Purdy CISSP, GSEC, MCSE+I, CNE, CCDA
Information Security Engineer
DP Solutions

----------------------------------------

If you spend more on coffee than on IT security, you will be hacked.
What's more, you deserve to be hacked.
-- White House cybersecurity adviser Richard Clarke

