The Security Catalyst

In response to Michael Farnum’s ComputerWorld article of 12/5/2006 (http://www.computerworld.com/blogs/node/4115?source=NLT_SIC&nlid=92):

Michael,
You’re showing your grinch side again.
I too remember watching Wargames as a kid. While I was intrigued, it didn’t cause me to become a computer hacker or a hacker hunter. I was too busy typing in games from books and magazines. (Remember when computer magazines like Byte had the code for games in it. I’d spend all weekend typing it in and then all Sunday night playing it.) It was a great way to learn programming basics (pun intended).
But did you really say after watching Wargames, “I want to be a computer hacker or chase them?” I doubt it. Back then, we had no idea what computer security really was. We just knew that computers could do some cool stuff and we wanted to continue playing with them as a career.

Today, we have kids coming out of college knowing they want to work in security. We need those kids. You said it yourself:
The security profession does need passionate professionals who want to do the job well, no matter the grind. The security profession does need fresh blood who want to do the job because the job needs doing, no matter how many policies and procedures need to be written. The security profession does need individuals who will deal with that C-level manager who can’t figure out that security is job one.

We need to let them know that security is grand for exactly the reasons you say it’s a pain in your second paragraph. Look at the variety we experience on a daily basis: One minute we’re an extreme techie fixing a firewall, next we’re a psychologist trying to determine the intent of an incident and a few minutes later, we’re a salesman explaining why our organization needs security.

Few others in IT get to cross silos like those in security. Our position is like the safety on the football team. We go where we’re needed. We need expertise in a variety of technical architectures, while maintaining soft skills to work with management and the business. I rarely do the same thing day after day. For me, this is what makes security great. Our vast knowledge base and experience also positions us for bigger and greater things.

Yea, it’s a lot of work and has its hassles. It’s the same way with most jobs. Even those who hack or investigate hackers for a living experience the downside: it can be tedious and boring scouring log files and waiting for scans to complete. Then you have those who deny what you’ve found, despite the proof. It’s not really different in the security glory jobs. (BTW, please comment if you have one of those security glory jobs where you’re on a security “red team” or social engineer ethically on a daily basis. I’d like to hear your thoughts.)

It takes time and experience to become a complete security professional who can tackle all of its complexities. It’s not something you can learn in college. And yes Michael, it does take work. Those of us who have been doing this for a while need to step out mentor a newcomer. Show them the ropes and that our hard work is also our passion. Confucius says, “Choose a job that you love and you will never have to work a day in your life.”

By working together, we all become stronger.

If you enjoyed this post, make sure you subscribe to my RSS feed!