[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <67ea64530711181934y22667d12n914476f0582ddbad@mail.gmail.com>
Date: Mon, 19 Nov 2007 03:34:23 +0000
From: "worried security" <worriedsecurity@...glemail.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: How to become a Computer Security
Professional ?
On Nov 17, 2007 1:08 PM, Meef <massa@...-dhaka.edu> wrote:
> What are the steps to follow to become a computer security professional ?,
Sorry, you will never make it to professionalism as you broke the
first and most important rule.
NEVER POST ON A PUBLIC MAILING LIST!!!!
The second most important rule of becoming a security professional is,
if you do need to post to a public mailing list then never do it under
a .edu or .gov or official company e-mail address, we will all just
point and laugh and have your account hi-jacked with the next
cross-site scripting flaw that gets to to the public mailing list.
The third most important rule to becoming a security professional is
never talk to people on public mailing lists who have broken rule one
and rule two or take whats said on public mailing lists seriously. As
soon as you take what is said on a public mailing list seriously is
the day you should cut your wrists.
Always get advice from a credible source after learning of a threat on
the public mailing lists.
The forth most important rule to becoming a security professional,
always use a throw-away e-mail account so it doesn't matter of script
kids hi-jack your e-mail account with the next cross-site scripting
vulnerablity that gets posted to the public mailing lists.
The fifth most important rule to becoming a security professional is
use an alias on public mailing lists, never use your real name, place
of work, place of education, place of living, as backfires cannot be
reversed. Once you've post something its post, archived around the
world and translated into more languages than you can shake a stick
at.
The sixth most important rule to becoming a security professional is
be paranoid. Yes, don't listen to people who say paranoia is bad for
you. In this industry it pays to be paranoid. Forget about your own
welfare, you've got millions of users and the economic stability of
the world to think about. Trade in your own life to save the life of
others. Indeed being a security professional will mean long hours, and
sleepless nights. Be prepared to be woken up in the middle of the
night and expect to have people shouting for answers down the phone to
you or rush you into the security operations center when news of a
major data breach reaches the inbox of your security team.
The seventh most important rule to becoming a security professional.
Think for yourself don't post ridiculous questions to a public mailing
list and expect to get the right answer, most folks will make anything
up and people generally cannot be trusted. Use search engines, read
books and free your mind from what other security researchers are
doing. Don't duplicate, originate your own work.
The eighth most important rule to becoming a good security
professional is have balls, if you think something is wrong, don't be
affraid to speak up, even if it means losing your job. Remember, the
security of other people comes before the security of your job
position. So if you think something is wrong, tell people about it,
and if they don't listen, then keep repeating it over and over. Never
give in and keep on trying to tell people about something you believe
in. You are a slave to the security of others, you don't come first
"they" do.
Ninth most important rule to becoming a good security professional.
Don't read public mailing lists, don't read security news sites, and
don't read web logs about what other people think about security. They
all suck, don't trust anyone in this world and don't believe the hype.
99.9% of anything post in public is attention grabbing bullshit, you
don't need it. Concentrate with whats going on within your own company
and screw all the others. Only read these mediums if its related to
what you're doing that day at work to fix a bug or thrawt a security
incident. Don't read about what could happen, stick to with whats
actually happening to you that day. Not what other people say is going
to happen next week.
Tenth most important rule to becoming a security professional, know
your enemy. Yes, get to know them, eavesdrop on them, send them gifts
and make them feel special. Your enemy is the single most important
person to you and your company's assets. If you don't know what your
enemy is doing then you don't have security. Remember though, don't
concetrate on other peoples enemies, concentrate on enemies for your
company. Don't read websites that say they are your enemy, because its
unlikely they really are. Your real enemies don't announce themselves
often and are unlikely to make public announcements about it, and the
ones that do are usually hoaxes.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists