All,
Yes, practical knowledge. However the burden of an engineer is theory; root
cause analytical discipline. Foe example: a working knowledge of TCP/IP,
all layers, IPv4 / IPv6. There seems to be an advent of individuals who
purport to be an "engineer", yet really lack the resourcefulness and dynamic
abilities to learn, to learn fast and accurately. The "two year" colleges
are the scourge of the engineering world, thanks to the leading
organizations I would like to mention, but as a professional, cannot.
There also seems a feeling that a working knowledge of the myriad of network
security tools that are free and easy, are the key to being able to judge,
in real-time, what is a threat, what looks like a threat, and what,
depending on dissector settings, is quasi-normal. The tools are only as
good as the interpreted output, put into action, and are of value only to an
inherent, cognizant engineer.
It seems that although certificates, and their resultant surname-suffixes,
are sometimes just that. Even the posts from these great security-based
lists, are questionable when the author has several attributes as to qualify
themselves as "engineers"
Theory, adaptation, resourcefulness, and the lifetime commitment to learn as
technology demands, and an ability to take critique, however harsh, and move
forward. These are the attributes of one who wishes to carry the obligatory
weight of the simple, yet critical title.
Network security demands that while research is going on in real-time, one
has to practice with hardware, and ask questions, and be humble. There is
truth that although many people claim to be a lot of things, those who are
what they say, I know in my heart, have one common thread. Theory. And
consummate dedication to stay ahead of "conventional wisdom", and excel.
-Scott
----- Original Message -----
From: "Ravi Kumar" <ravivsn@rocsys.com>
To: "Liran Cohen" <theog@tehila.gov.il>
Cc: <security-basics@lists.securityfocus.com>
Sent: Thursday, December 23, 2004 1:04 AM
Subject: Re: what is required for an engineer to become an SECURITY engineer
Theog,
I agree with you completely. Unless one have practical knowledge,
there is no need for him in market.
As I mentioned in my mail, the concept is to build people with practical
knowledge. Give us your valuable inputs to frame the syllabus in that
direction.
Thanks,
-Ravi
Liran Cohen wrote:
Well, I don't think there is really a way to measure one's expertise
regarding Information security, Would you trust you're money with some
banker who just finished his economics degree and opened a bank? , I
guess, as in many fields, so in the Information security business,
experience,recommendation and reputation will be the criteria, one
cannot simply take a test and become a security engineer (although many
people claim to be a lot of things... :) ).
Liran Cohen
TheOg
Ravi Kumar wrote:
[I am reposting the question with modifications]
Hi,
I was asked to prepare syllabus for security management,incident
handling,forensics analysis, intrusion detection etc., Th intention is
train an engineer to become a SECURITY engineer.
we know there are several certifications which are designed for this
purpose. I want from you with your security experience tell us what
should an BASIC course for security really requires.
If industry wants to recruit an engineer for its security needs what
type of experience they look for?
Note: Please dont relate my question with any certifications and be
generic.
Thanks for any help,
-Ravi
