[Techtalk] Security professionals/hobbyists -- Opinions?

Megan Golding meggolding at yahoo.com
Sat Aug 3 08:05:00 EST 2002

Hello everyone!

I'm writing an article about the value of security training and am
interested in opinions from y'all.

According to a 1999 SANS survey[1] of about 1800 security experts,
the top management error that leads to vulnerabilities in networks is
the assignment of untrained people to security roles and providing
neither training nor time.

Though this survey is almost 3 years old, I think the general
conclusion -- people are all-too-often left guarding a network
without the knowledge of exactly what they're doing -- is still
accurate. In fact, if you contrast this conclusion against the Top 20
Internet Security Vulnerabilities[2], you start to believe. If not a
majority, then at least a significant number, of the top 20 are
easily attributed to lack of knowledge.

Anyone care to offer up opinions on this?
 * Do you think lack of training is really the
   top explanation for weak security?
 * If we think of "training" in the formal sense,
   where one attends courses, which security 
   certifications carry the most value? Least?
 * If we count "training" in the SANS survey 
   as acquiring knowledge (regardless of the 
   source), can you describe the optimal environment
   for acquiring maximum knowledge -- how
   many people are there? What types of experience?
 * Have any horror stories you're willing to share?
   Network break-ins because of some lack of 
   knowledge on your or someone else's part?

[1] http://www.sans.org/newlook/resources/errors.htm
[2] http://www.sans.org/top20.htm

Thanks for your input! I look forward to hearing from y'all -- and
discussing your viewpoints.

