Re: Citizen cyber-protectors?

[<michael.blanchard () emc com>]

Not even if I was wearing a pair of socks given to me from one of those beetle sellers :-)

Michael P. Blanchard
Senior Security Engineer, CISSP, GCIH, CCSA-NGX, MCSE
Office of Information Security & Risk Management
EMC ² Corporation
32 Coslin Drive
Southboro, MA 01772
Office: (508)898-7102
Cell:     (508)958-2780
email:  Blanchard_Michael () EMC COM


-----Original Message-----
From: Drsolly [mailto:drsollyp () drsolly com] 
Sent: Thursday, July 19, 2012 11:43 AM
To: Blanchard, Michael (InfoSec)
Cc: kyle.creyts () gmail com; funsec () linuxbox org; rmslade () shaw ca
Subject: RE: [funsec] Citizen cyber-protectors?

What, even if loads of beetle-sellers told you how important it is?

On Thu, 19 Jul 2012 michael.blanchard () emc com wrote:

> I'm part of the .5%....  I could care less about collecting beetles....
>
> Michael P. Blanchard
> Senior Security Engineer, CISSP, GCIH, CCSA-NGX, MCSE
> Office of Information Security & Risk Management
> EMC ² Corporation
> 32 Coslin Drive
> Southboro, MA 01772
>
> From: funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org] On Behalf Of Kyle Creyts
> Sent: Thursday, July 19, 2012 7:25 AM
> To: Drsolly
> Cc: funsec () linuxbox org; Rob, grandpa of Ryan, Trevor, Devon & Hannah; infosecbc () yahoogroups com
> Subject: Re: [funsec] Citizen cyber-protectors?
>
>
> I am part of the 1%.
> On Jul 19, 2012 2:31 AM, "Drsolly" <drsollyp () drsolly com<mailto:drsollyp () drsolly com>> wrote:
> If someone can't be bothered to write their thoughts down, and require me
> to spend 20 minutes to watch a video giving views that I could have read
> in one minute, then I'm not going to devote my time to listen to them.
>
> Since I haven't heard what he has to say, I cannot comment on his views.
> Except to point out that 99% of people are as interested in computer
> security as they are in beetle collecting. And anything that depends on
> them being more interested than that, or better informed, is doomed.
>
> On Wed, 18 Jul 2012, Rob, grandpa of Ryan, Trevor, Devon & Hannah wrote:
>
> > Marc Goodman (who I believe is https://twitter.com/FutureCrimes and
> > http://www.futurecrimes.com/ ) gave a recent TED talk on trends in the use of
> > high technology in crime:
> >
> > http://www.ted.com/talks/marc_goodman_a_vision_of_crimes_in_the_future.html
> >
> > The 20 minute talk is frightening, with very little in the way of comfort for the
> > protection or security side.  He ends with a call for crowdsourcing of protection.
> >
> > Now as a transparent society/open source/full disclosure kind of guy, I like the
> > general idea.  But, as someone who has been involved in education, security
> > awareness, and professional security training for some time, I see a few problems.
> > For crowdsourcing to work, you need a critical mass of at least minimally capable
> > people.  When you are talking about a weather reporting app, that minimal
> > capability isn't much. When you are talking about detecting cyberwar or
> > bioweapons, the capability levels are a bit different.
> >
> > Just yesterday the PNWER (Pacific NorthWest Economic Region
> > http://www.pnwer.org/ ) conference became the latest to bemoan the lack of
> > trained employees.  I rather suspect these constant complaints, since I see lots of
> > people out of work.  But the people who are whining about employees are just
> > looking for network admins and such.  We need people with more depth and more
> > breadth in their backgrounds.  I get CISSP candidates in my seminars who are
> > network admins who simply want to know a few ACLS for firewalls.  I have to
> > keep telling them that security professionals need to know more than that.
> >
> > Yes, I am privileged to be able to meet a number who *are* interested in learning
> > everything possible in order to meet any need or problem.  But, relatively
> > speaking, those are few.  And my sample set tends to be abnormal, in that these
> > are people who have already shown some interest in training (even if only job
> > related).  What Goodman is talking about is the general public.  And those of us
> > who have actually tried security awareness know how little conceptual awareness
> > we have to build on, let alone advanced technical knowledge.
> >
> > I think awareness, self-protection, and crowdsourcing is probably the only good
> > way to approach the problems Goodman outlines.  I just worry that we have a long
> > way to go.
> >
> > http://blogs.securiteam.com/index.php/archives/1793
> >
> > ======================  (quote inserted randomly by Pegasus Mailer)
> > rslade () vcn bc ca<mailto:rslade () vcn bc ca>     slade () victoria tc ca<mailto:slade () victoria tc ca>     
> > rslade () computercrime org<mailto:rslade () computercrime org>
> > On Friday, January 23rd, 2004, in a speech at the World Economic
> > Forum in Davos, Switzerland, Bill Gates stated `Two years from
> > now, spam will be solved.'
> > victoria.tc.ca/techrev/rms.htm<http://victoria.tc.ca/techrev/rms.htm> http://www.infosecbc.org/links
> > http://blogs.securiteam.com/index.php/archives/author/p1/
> > http://twitter.com/rslade
> > _______________________________________________
> > Fun and Misc security discussion for OT posts.
> > https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
> > Note: funsec is a public and open mailing list.
>
> _______________________________________________
> Fun and Misc security discussion for OT posts.
> https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
> Note: funsec is a public and open mailing list.


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.