Hello,
I know what you mean. I have even seen certified people that don't have a
clue what they are doing. Script-kiddies often have more skills.
I would look to community involvement, outside office hours experiences, a
multi-disciplined background, and then certs last. Good security people are
not trained in school for security. It comes from a further understanding --
Putting it all together. Passionate doesn't mean skilled or experienced so
look for indicators of such.
Ask dumb questions such as, "What is a firewall for?", "How much does a
stolen laptop cost?", "Is it ok to email customers their receipt?", "Are
HTTPS web sites secure?", and such. Expect smart answers to the questions
you didn't ask from the above.
Books are 3 years out of date. They are good for ground up learning. I
mostly read sites and pick up a book for a deeper level of understanding,
such as Exploit Research. This year alone I read 8 books which is nothing
compared to the online only material that I have read. -- A security people
need to know the past and well as what is going on today. Zero Days are not
going to be in a book.
The person should be smart, adaptive, and be able to reference past events,
"What did you do when the I Love You email worm hit?".
Regards,
--
Jason Muskat | GCFA, GCUX - de VE3TSJ
____________________________
TechDude
e. Jason@TechDude.Ca
m. 416 .414 .9934
http://TechDude.Ca/
From: andy cuff <lists@securitywizardry.com>
Date: Fri, 01 Dec 2006 22:09:12 +0000
To: <security-basics@securityfocus.com>
Subject: Identifying passion for security?
Resent-From: <security-basics-return-42172@securityfocus.com>
Resent-Date: Mon, 4 Dec 2006 10:43:54 -0700 (MST)
Evening,
Showing my age I'm finding it increasingly difficult to find security geeks
who
are truly passionate about security. There seems to be a recent trend in
unpassionate people chasing either the money, an easy ride or something that
isn't as dull as network or system administration.
So how would you identify passion quickly, personally I like what cons have
you
been to? If they are passionate but poor they would reply none but I'd like
to .... What books have they bought, what tools do they use what sites
do they visit email them at night and see how long it takes them to reply
what else?
--
Andy Cuff
Computer Network Defence Ltd
www.SecurityWizardry.com
---------------------------------------------------------------------------
This list is sponsored by: ByteCrusher
Detect Malicious Web Content and Exploits in Real-Time.
Anti-Virus engines can't detect unknown or new threats.
LinkScanner can. Web surfing just became a whole lot safer.
http://www.explabs.com/staging/promotions/xern_lspro.asp?loc=sfmaildetect
---------------------------------------------------------------------------
