Send firewall-wizards mailing list submissions to
firewall-wizards@listserv.icsalabs.com
To subscribe or unsubscribe via the World Wide Web, visit
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
or, via email, send a message with subject or body 'help' to
firewall-wizards-request@listserv.icsalabs.com
You can reach the person managing the list at
firewall-wizards-owner@listserv.icsalabs.com
When replying, please edit your Subject line so it is more specific
than "Re: Contents of firewall-wizards digest..."
Today's Topics:
1. Re: Quote cybersecurity unquote (Paul D. Robertson)
----------------------------------------------------------------------
Message: 1
Date: Tue, 05 Nov 2013 09:32:27 -0500
From: "Paul D. Robertson" <paul@compuwar.net>
Subject: Re: [fw-wiz] Quote cybersecurity unquote
To: Firewall Wizards Security Mailing List
<firewall-wizards@listserv.icsalabs.com>
Message-ID: <5279017B.3050806@compuwar.net>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Stephen P. Berry wrote:
> It is apparently national cyber security awareness month, a fact which
> I was made aware of by a bunch of fluff news pieces.
I completely missed it, but I'm considering doing another advocacy thing
like Personal Firewall Day, but longer- but it won't be in November, and
it hopefully won't be under the radar.
>
> This got me thinking: is network/information security, in the sense that
> long-time readers of firewall-wizards have practiced it, a dying
> profession?
> In the aforementioned news coverage there's prominent discussion of
> so-called hackers for hire, but none whatsoever of the sort of systems
> and
> infrastructure-focused work that I think of when I think of `security'
> in the abstract. Of course this is partly due to media reporting on a
> technical subject---hackers make good copy and backups and ACLs
> don't. But
> it also seems to reflect a change in the job market as well. I've been
> looking at job postings lately and there doesn't seem to be as much
> demand
> for the general `security guy' the way there used to be---that sort of
> thing
> apparently mostly being shifted up to the CTO level (and therefore
> producing
> nothing but whitepapers) and down to the developer level (and therefore
> producing nothing at all).
I don't know about the job market, but I assume all this pen testing
hoopla has someone actually doing the remediation, though I guess it may
the the companies doing the testing- that's certainly my current model.
>
> This seems to be part of a general move away from what used to be the
> traditional production operations systems and network administration
> model.
> I'm sure everyone is familiar with the trend already, but I'm talking
> about
> the move toward cloud-based/virtualisation-based `solutions', and the
> corresponding belief that such infrastructures don't require dedicated
> staff,
> and can be maintained either by programmers/developers or by
> third-parties
> (e.g. the hosting service provider).
>
> Of course I find this a little unsettling as a professional (on a good
> day)
> working in the industry. But it also looks like a recipe for disaster
> entirely from a logistical standpoint: networks and application
> archtectures
> running on them are getting progressively more and more complex, and more
> and more is riding on them, while at the same time less and less
> resources
> are being devoted to the nuts-and-bolts design and implementation details
> below the this-is-where-the-customer-pays-us application layer.
>
> Is this just me being a grumpy old BOFHish sysadmin, or does this jibe
> with
> other people's perceptions as well? Is so, what's the fulcrum to which
> leverage can be applied to shift the situation, if one even exists?
"Security as a Service" (*hack* </BillTheCat>)
I think dedicated security companies testing and remediating is probably
the most likely new model.
Paul
------------------------------
_______________________________________________
firewall-wizards mailing list
firewall-wizards@listserv.icsalabs.com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
End of firewall-wizards Digest, Vol 67, Issue 2
***********************************************
No comments:
Post a Comment