I agree with the frustrations you have on the global improvements in security.

In response to the individual who mentioned that the lack of progress keeps us employed and is better than systems monitoring, I have some things for you to think about.

- How many times can you recommend network segmentation, firewalls, encrypted channels, and patching before it becomes old and dull?

- How many times can you recommend input validation and code review before you grow tired of your message falling on deaf ears?

- How many times can you make security recommendations that would greatly enhance the security of an environment or system, only to hear it get denied by management?

Realize that I am not judging you, I am just asking that you think about this. If you are OK with this, than I am happy for you.

Realize that this field is full of bright energetic people who have a lot of choices before them, and they may answer the same as you on the questions I presented.

Realize that for them, the lack of progress in global security has caused them to hit a wall in their security work, and they do not have a practical opportunity to deepend their knowledge and exploration because it is not supported by their work.

For these people the security field may be just as exciting as you find systems monitoing and management. They have the same feeling you have when a box needs to be rebuilt or a device fails.

In any technical field, those working and making great strides with a new field or technology are usually bright and passionate about things. The product of their exploration and study will be books, articles, tools, theories, and frameworks to allow others who are less capable also do this type of work.

That is what has happened to IT in general, and security is going there as well. It is time for these people to move on and find the next frontier for their creativity.


[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/159/19892#19892