lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <67ea64530711181934y22667d12n914476f0582ddbad@mail.gmail.com>
Date: Mon, 19 Nov 2007 03:34:23 +0000
From: "worried security" <worriedsecurity@...glemail.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: How to become a Computer Security
	Professional ?

On Nov 17, 2007 1:08 PM, Meef <massa@...-dhaka.edu> wrote:
> What are the steps to follow to become a computer security professional ?,

Sorry, you will never make it to professionalism as you broke the
first and most important rule.

NEVER POST ON A PUBLIC MAILING LIST!!!!

The second most important rule of becoming a security professional is,
if you do need to post to a public mailing list then never do it under
a .edu or .gov or official company e-mail address, we will all just
point and laugh and have your account hi-jacked with the next
cross-site scripting flaw that gets to to the public mailing list.

The third most important rule to becoming a security professional is
never talk to people on public mailing lists who have broken rule one
and rule two or take whats said on public mailing lists seriously. As
soon as you take what is said on a public mailing list seriously is
the day you should cut your wrists.

Always get advice from a credible source after learning of a threat on
the public mailing lists.

The forth most important rule to becoming a security professional,
always use a throw-away e-mail account so it doesn't matter of script
kids hi-jack your e-mail account with the next cross-site scripting
vulnerablity that gets posted to the public mailing lists.

The fifth most important rule to becoming a security professional is
use an alias on public mailing lists, never use your real name, place
of work, place of education, place of living, as backfires cannot be
reversed. Once you've post something its post, archived around the
world and translated into more languages than you can shake a stick
at.

The sixth most important rule to becoming a security professional is
be paranoid. Yes, don't listen to people who say paranoia is bad for
you. In this industry it pays to be paranoid. Forget about your own
welfare, you've got millions of users and the economic stability of
the world to think about. Trade in your own life to save the life of
others. Indeed being a security professional will mean long hours, and
sleepless nights. Be prepared to be woken up in the middle of the
night and expect to have people shouting for answers down the phone to
you or rush you into the security operations center when news of a
major data breach reaches the inbox of your security team.

The seventh most important rule to becoming a security professional.
Think for yourself don't post ridiculous questions to a public mailing
list and expect to get the right answer, most folks will make anything
up and people generally cannot be trusted. Use search engines, read
books and free your mind from what other security researchers are
doing. Don't duplicate, originate your own work.

The eighth most important rule to becoming a good security
professional is have balls, if you think something is wrong, don't be
affraid to speak up, even if it means losing your job. Remember, the
security of other people comes before the security of your job
position. So if you think something is wrong, tell people about it,
and if they don't listen, then keep repeating it over and over. Never
give in and keep on trying to tell people about something you believe
in. You are a slave to the security of others, you don't come first
"they" do.

Ninth most important rule to becoming a good security professional.
Don't read public mailing lists, don't read security news sites, and
don't read web logs about what other people think about security. They
all suck, don't trust anyone in this world and don't believe the hype.
99.9% of anything post in public is attention grabbing bullshit, you
don't need it. Concentrate with whats going on within your own company
and screw all the others. Only read these mediums if its related to
what you're doing that day at work to fix a bug or thrawt a security
incident. Don't read about what could happen, stick to with whats
actually happening to you that day. Not what other people say is going
to happen next week.

Tenth most important rule to becoming a security professional, know
your enemy. Yes, get to know them, eavesdrop on them, send them gifts
and make them feel special. Your enemy is the single most important
person to you and your company's assets. If you don't know what your
enemy is doing then you don't have security. Remember though, don't
concetrate on other peoples enemies, concentrate on enemies for your
company. Don't read websites that say they are your enemy, because its
unlikely they really are. Your real enemies don't announce themselves
often and are unlikely to make public announcements about it, and the
ones that do are usually hoaxes.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ