PaulDotCom mailing list archives
Specialise to survive?
From: i0null at nightcoder.org (Shane Kelly)
Date: Tue, 18 Aug 2009 23:26:38 +0100
Matt,

I agree broadly with this. Although I would argue that security is more of a perspective than a specialism. Security/Risk really underpins anything and everything we do. In the physical world, you have martial arts, in a similar fashion to anti-virus in the computer world. I'm not trying to compare the two examples, but rather showing that the perspective is similar in concept in two very different environments.

This is a sweeping statement, but I think this is what makes security people think different and more open. We don't have to focus on the same areas to understand each other's perspective and/or direction.

Shane

2009/8/18 Matt Hillman <cybereagle at gmail.com>:

I'm surprised no one has made the argument that security IS a specialisation within computing hehe. Guess that goes to show how far the field has come (both computing in general, and computer security). There has to be a computer scientist laughing at this somewhere.

Anyway, my 2 cents is this: being on the offensive side of security, it's important for me to know as wide a spectrum of things as possible. Every aspect of security (and even many other things!) enriches my overall perspective and ability. Things might not be directly connected, but having a level of understanding and proficiency in seemingly unrelated things can still help a great deal. This is kind of being a generalist. However, that doesn't mean I can't specialise as well. To me the real question is how much to specialise in each thing. And the best balance depends a lot on what it is you are doing or want to be doing.

Now the original question seemed more focused around how specialisation/generalisation benefits an individual, but it also helps to see it in the context of a team. A good team has people with broad knowledge overall, with certain people who know certain things in more depth. You can all pretty much do most jobs, but there are go-to guys for stuff too. If you want to bring it back to an individual level, think about how you could benefit such a healthy team. Would you be too narrow to deliver different work, or would you lack an edge of specific knowledge you could bring to the table, or suitable depth of knowledge?

Another question is how specific a specialisation is. If you have something highly specific, like Tim's example of "forensic analysis of Dvorak keyboards for AS/400 systems emulating Apple IIc systems", you probably want to balance that out with some more generalist tendencies. "reverse engineering for x86 linux" is less specific, and "reverse engineering" is less specific again. Looked at in this way, "specialise or not" doesn't seem too black and white.
Kind of like an ecosystem of skills.

Plus, the hacker in me does whatever is funnest regardless, so a certain level of generalism isn't a decision, it's a curious compulsion ;)

On Sun, Aug 16, 2009 at 9:30 PM, Michael Douglas <mick at pauldotcom.com> wrote:

I've been pretty surprised, but things went well. I'm starting to believe that most people want to do what's right (provided that it's not *that* hard) but they just don't know how.

Full disclosure: I've finally found a big element of success is social engineering the folks who I need to attend. For instance, Clueless Carl is an eager eBay buyer, and was one of the first to sign up for a talk I titled "eBay the safe way" and the content was mainly just what you'd expect... but then toward the end I took a swerve and started talking about malicious browser objects and how attackers might steal your eBay logins... I saw a dramatic reduction in the number of folks who got drive-by downloads.

I'm starting to work on another class about how devs need to sanitize user input, we'll see how that goes! (fingers crossed!)

On Sun, Aug 16, 2009 at 1:11 PM, Jason Wood <tadaka at gmail.com> wrote:

> And that's why I now offer up network 101 classes (and a series of others) to *anyone* who wants to attend.

Mick, I'm glad you made this comment and that you've started doing this. How are the classes going and what impact has it had on Carl and the organization?

I've thought a lot about this idea right here, but never gotten off my butt to put one together. I've worked with a few Clueless Carls and while I can cuss about them real good, I've never done much other than give a terse lecture on why X was a really bad idea.

So to jack the thread even further, perhaps I'm not doing enough to make sure Carl doesn't remain clueless. Carl has the major portion of that responsibility, but for the good of my sanity and the organization, some 101 classes may be in order.
Jason

On Sun, Aug 16, 2009 at 8:38 AM, Michael Douglas <mick at pauldotcom.com> wrote:

Yes, specialists with a lack of skill in other areas can be truly dangerous.

Funny & true story (details of where this happened omitted to protect the guilty)

One day I saw our IDS system explode with alarms about some truly horrific network traffic, at the same time, our host monitoring system started showing web servers winking out of existence. Evil was afoot.

As I was about to run to the server room, a DBA we'll call Clueless Carl came over. And asked the most horrifying question I've ever heard.

Carl: "Mick, I just ran into a strange ping problem. When I send pings that are over 2.5 meg in size I'll get a response back once... but then the rest time out."

Me: (I made a squeaking "urk" type sound) ... what?

Carl: You know ping. I need to test the network. Ping's how you do it.

Me: well... sometimes. Did you say 2.5 Meg? As in megabytes? via ping?

Carl: (clearly exasperated) YEAH! We're having trouble with the TPS reports... some of the results don't display in the browser right. Looking at the table the result set is a bit under 2.5 Meg. So I wanted to see why the network can't handle data sets that large. We have a problem here!

Me: You have no idea! (evil grin)

And that's why I now offer up network 101 classes (and a series of others) to *anyone* who wants to attend.

Sorry to thread jack, but it was too good to pass up!

- Mick

On Sun, Aug 16, 2009 at 10:07 AM, Raffi Jamgotchian <raffi at flossyourmind.com> wrote:

That's precisely what's wrong about your argument. Your assumption is that the generalist doesn't have deep understanding in any subject. A good generalist can do the work of many people. But the same good generalist needs to know when to call in for help.

In my experience, present company excluded of course, specialists that are typically so narrow in thinking cause more issues than not.
Because they don't completely understand the effects on surrounding disciplines.

----
Raffi

On Aug 16, 2009, at 8:49 AM, Shane Kelly <shane at nightcoder.org> wrote:

I think you are going to have incompetent people at either side of the spectrum. You could argue that generalists are multi-handed specialists / or that specialists do not have sufficient understanding of surrounding areas. You could also argue that generalists do not have enough technical understanding or patience to pursue a given specialism.

It ultimately comes down to how much time and effort people are willing to invest in understanding their acclaimed subject. IMHO, you can not encapsulate people's skill level at a 100 foot view of their depth into the subject.

You need people in both sides of the field. Generalists to have enough knowledge to understand where organisations should focus efforts. Specialists to focus on that area and have deep technical knowledge of that area to ensure a quality work is performed.

In my view, generalists make good sales people, specialists get recognised in the security field for their technical achievements.

Shane

2009/8/16 Raffi Jamgotchian <raffi at flossyourmind.com>:

Hear hear. Whether a generalist or a specialist, hubris will bite you.

----
Raffi

On Aug 15, 2009, at 10:35 PM, Michael Douglas <mick at pauldotcom.com> wrote:

> jack of all trades messed up the environment

OK this is the one area where I wasn't too clear on the earlier thread. I'm assuming that you are competent in everything that you say you're going to do. Unfortunately, this isn't the case. There are many Jerks of All Trades who will mess things up badly.

For those who mentioned it above, yes being a generalist does tend to get you in the small and medium sized businesses... but there are exceptions... take my day job for instance. For those of you who don't know, I work at OCLC -- a non-profit library coop. We're what I'd consider large. We have over 72,000 libraries in our collective.
We have a database with holdings information on about 1.2 billion (yes billion) records (books and other stuff). We have a few thousand servers... yet they hired me... A generalist!

I'm a generalist... but a big part of my ability to get things done is admitting what I don't know. For instance, a big part of my skill with forensics is how I DON'T mess up data. If things get too hairy for me, I can wrap things up and call in folks who are better than me (and remember, there ALWAYS is someone better than you -- thinking otherwise is the first step on the path to destruction) knowing when to sit down and hack or when to walk away is probably the greatest skill anyone in computers can have!

- Mick

On Sat, Aug 15, 2009 at 2:42 PM, John Navarro <jnavtx at gmail.com> wrote:

Good point Tim!

Robert, I do think that a "jack of all trades" type will fit in better to smaller companies, whereas the specialized, from my experience, seem to have a better chance at getting into larger corporations. It was never my intention to be "specialized", but having worked at a firewall vendor it was just easier to find those opportunities that required a specific skillset.

Of course it could be that the jack of all trades messed up the environment and they needed someone specialized to come in and clean it up ;)

On Sat, Aug 15, 2009 at 8:16 AM, Tim Krabec <tkrabec at gmail.com> wrote:

Don't forget your specialization does not have to be computer/program related.

You don't have to specialize in "forensic analysis of Dvorak keyboards for AS/400 systems emulating Apple IIc systems"

You could specialize in database recovery for small businesses. Or BCP & DR for law offices or real estate companies.

--
Tim Krabec
Kracomp
772-597-2349
smbminute.com
kracomp.blogspot.com
www.kracomp.com

_______________________________________________
Pauldotcom mailing list
Pauldotcom at mail.pauldotcom.com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com

--
irc: Tadaka
Twitter: Jason_Wood
jwnetworkconsulting.com