Why Digital Security?

Today I received the following email:

Hi Richard,

(Sorry for my bad English, i speak French...)

I'm one of your blog readers and i have just a little question about your (Ex) job, Consultant in IT security...

I'm very interested by IT security and i want to get a degree in this. In France, we have to write "motivation letter" to show why we are interested by the diploma. That's why i write to you to know a few things that you do in your job, what is interesting and what is boring ??

I figured I would say a few words here and then let all of you blog readers post your ideas too.

  • Likes:


    • Constant learning

    • Defending victims from attackers -- some kind of desire for justice

    • Community that values learning (but not necessarily education -- there's a difference)

    • Working with new technology

    • Financially rewarding for those with valuable skills


  • Dislikes:


    • Constantly changing landscape requires specialization and potential loss of big picture

    • Most attackers remain at large, meaning as a whole "security" never improves

    • Learning is being increasingly rated by the string of letters after one's name

    • Family system administration, especially for user applications on Windows that I have never seen; "But you work with computers!"

    • Charlatans, especially with letters and/or security clearances, rotating around the Beltway making lots of money without delivering value beyond a "filled billet"



What do you think?

Comments

Alex said…
Richard,

Enjoyed your thoughts, wanted to add a dislike:

Sometimes security restricts ease of use/administration/etc. leading to debates with others who have a less security centric point of view. While these discussions are important, as they push for the refinement and evolution of security practices and usability development, it can be a pain to repeatedly have to justify the need for proactive security thinking within IT.

Obviously this is not an ideal environment, but I believe one that many find themselves in.
11:31 PM
Anonymous said…
Richard,

I appreciate your point about the difference between learning and education. I often notice peers that claim to be "educating", when in fact they are facilitating the "learning" of incorrect or incomplete information.

-Alex
12:13 PM
jbmoore said…
There is a difference between being educated and being intelligent. Many educated people are not always "intelligent" and the converse is true as well. There seems to be a lack of intelligence gathering. People depend upon vendors for their information about what is going on rather than deploy honeypots and test their AV software against their captured malware samples. You harp on a similar problem with not capturing network traffic and knowing your site's traffic patterns. Also, with any deeply technical field with its jargon and such, there's a communications barrier to be overcome in educating one's audience so that they "get" it. The audience can be family, friends and superiors. The field could do with some rigorous statistical analysis and more openness in the form of peer review of techniques and disclosure of failures. Instead, entities clam up about their losses unless they are forced to disclose them by law (security via obscurity). Until these things happen, security will be as much art as science or engineering. This is not how applied science is conducted.
9:42 AM
Anonymous said…
This comment has been removed by a blog administrator.
7:02 AM
Post a Comment

Popular posts from this blog

Zeek in Action Videos

Image
This is a quick note to point blog readers to my Zeek in Action YouTube video series for the Zeek network security monitoring project .  Each video addresses a topic that I think might be of interest to people trying to understand their network using Zeek and adjacent tools and approaches, like Suricata, Wireshark, and so on.  I am especially pleased with Video 6 on monitoring wireless networks . It took me several weeks to research material for this video. I had to buy new hardware and experiment with a Linux distro that I had not used before -- Parrot .  Please like and subscribe, and let me know if there is a topic you think might make a good video.
Read more

MITRE ATT&CK Tactics Are Not Tactics

Image
Just what are "tactics"? Introduction MITRE ATT&CK  is a great resource, but something about it has bothered me since I first heard about it several years ago. It's a minor point, but I wanted to document it in case it confuses anyone else. The MITRE ATT&CK Design and Philosophy document from March 2020 says the following: At a high-level, ATT&CK is a behavioral model that consists of the following core components: • Tactics, denoting short-term, tactical adversary goals during an attack; • Techniques, describing the means by which adversaries achieve tactical goals; • Sub-techniques, describing more specific means by which adversaries achieve tactical goals at a lower level than techniques; and • Documented adversary usage of techniques, their procedures, and other metadata. My concern is with MITRE's definition of "tactics" as "short-term, tactical adversary goals during an attack," which is oddly recursive. The key word in the tacti
Read more

New Book! The Best of TaoSecurity Blog, Volume 4

Image
  I've completed the TaoSecurity Blog book series . The new book is  The Best of TaoSecurity Blog, Volume 4: Beyond the Blog with Articles, Testimony, and Scholarship .  It's available now for Kindle , and I'm working on the print edition.  I'm running a 50% off promo on Volumes 1-3 on Kindle through midnight 20 April. Take advantage before the prices go back up. I described the new title thus: Go beyond TaoSecurity Blog with this new volume from author Richard Bejtlich. In the first three volumes of the series, Mr. Bejtlich selected and republished the very best entries from 18 years of writing and over 18 million blog views, along with commentaries and additional material.  In this title, Mr. Bejtlich collects material that has not been published elsewhere, including articles that are no longer available or are stored in assorted digital or physical archives. Volume 4 offers early white papers that Mr. Bejtlich wrote as a network defender, either for technical or pol
Read more