Saturday, November 02, 2013

firewall-wizards Digest, Vol 67, Issue 1

Send firewall-wizards mailing list submissions to
firewall-wizards@listserv.icsalabs.com

To subscribe or unsubscribe via the World Wide Web, visit
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
or, via email, send a message with subject or body 'help' to
firewall-wizards-request@listserv.icsalabs.com

You can reach the person managing the list at
firewall-wizards-owner@listserv.icsalabs.com

When replying, please edit your Subject line so it is more specific
than "Re: Contents of firewall-wizards digest..."


Today's Topics:

1. Quote cybersecurity unquote (Stephen P. Berry)


----------------------------------------------------------------------

Message: 1
Date: Wed, 02 Oct 2013 19:00:34 -0700
From: "Stephen P. Berry" <spb@meshuggeneh.net>
Subject: [fw-wiz] Quote cybersecurity unquote
To: firewall-wizards@listserv.cybertrust.com
Cc: spb@meshuggeneh.net
Message-ID: <20131003020034.9F68C140F5@ushiro.meshuggeneh.net>


It is apparently national cyber security awareness month, a fact which
I was made aware of by a bunch of fluff news pieces.

This got me thinking: is network/information security, in the sense that
long-time readers of firewall-wizards have practiced it, a dying profession?
In the aforementioned news coverage there's prominent discussion of
so-called hackers for hire, but none whatsoever of the sort of systems and
infrastructure-focused work that I think of when I think of `security'
in the abstract. Of course this is partly due to media reporting on a
technical subject---hackers make good copy and backups and ACLs don't. But
it also seems to reflect a change in the job market as well. I've been
looking at job postings lately and there doesn't seem to be as much demand
for the general `security guy' the way there used to be---that sort of thing
apparently mostly being shifted up to the CTO level (and therefore producing
nothing but whitepapers) and down to the developer level (and therefore
producing nothing at all).

This seems to be part of a general move away from what used to be the
traditional production operations systems and network administration model.
I'm sure everyone is familiar with the trend already, but I'm talking about
the move toward cloud-based/virtualisation-based `solutions', and the
corresponding belief that such infrastructures don't require dedicated staff,
and can be maintained either by programmers/developers or by third-parties
(e.g. the hosting service provider).

Of course I find this a little unsettling as a professional (on a good day)
working in the industry. But it also looks like a recipe for disaster
entirely from a logistical standpoint: networks and application architectures
running on them are getting progressively more and more complex, and more
and more is riding on them, while at the same time less and less resources
are being devoted to the nuts-and-bolts design and implementation details
below the this-is-where-the-customer-pays-us application layer.

Is this just me being a grumpy old BOFHish sysadmin, or does this jibe with
other people's perceptions as well? If so, what's the fulcrum to which
leverage can be applied to shift the situation, if one even exists?




-spb



------------------------------



End of firewall-wizards Digest, Vol 67, Issue 1
***********************************************
