Firewall Wizards mailing list archives
Re: Quote cybersecurity unquote
From: "Paul D. Robertson" <paul () compuwar net>
Date: Tue, 05 Nov 2013 09:32:27 -0500
Stephen P. Berry wrote:
It is apparently national cyber security awareness month, a fact which I was made aware of by a bunch of fluff news pieces.
I completely missed it, but I'm considering doing another advocacy thing like Personal Firewall Day, but longer, but it won't be in November, and it hopefully won't be under the radar.
This got me thinking: is network/information security, in the sense that long-time readers of firewall-wizards have practiced it, a dying profession? In the aforementioned news coverage there's prominent discussion of so-called hackers for hire, but none whatsoever of the sort of systems and infrastructure-focused work that I think of when I think of `security' in the abstract. Of course this is partly due to media reporting on a technical subject---hackers make good copy and backups and ACLs don't. But it also seems to reflect a change in the job market as well. I've been looking at job postings lately and there doesn't seem to be as much demand for the general `security guy' the way there used to be---that sort of thing apparently mostly being shifted up to the CTO level (and therefore producing nothing but whitepapers) and down to the developer level (and therefore producing nothing at all).
I don't know about the job market, but I assume all this pen testing hoopla has someone actually doing the remediation, though I guess it may be the companies doing the testing; that's certainly my current model.
This seems to be part of a general move away from what used to be the traditional production operations systems and network administration model. I'm sure everyone is familiar with the trend already, but I'm talking about the move toward cloud-based/virtualisation-based `solutions', and the corresponding belief that such infrastructures don't require dedicated staff, and can be maintained either by programmers/developers or by third-parties (e.g. the hosting service provider). Of course I find this a little unsettling as a professional (on a good day) working in the industry. But it also looks like a recipe for disaster entirely from a logistical standpoint: networks and application architectures running on them are getting progressively more and more complex, and more and more is riding on them, while at the same time less and less resources are being devoted to the nuts-and-bolts design and implementation details below the this-is-where-the-customer-pays-us application layer. Is this just me being a grumpy old BOFHish sysadmin, or does this jibe with other people's perceptions as well? If so, what's the fulcrum to which leverage can be applied to shift the situation, if one even exists?
"Security as a Service" (*hack* </BillTheCat>)
I think dedicated security companies testing and remediating is probably the most likely new model.
Paul
_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards