[46482] in North American Network Operators' Group
Re: How to get better security people
daemon@ATHENA.MIT.EDU (Sean Donelan)
Sat Mar 30 01:06:40 2002
Date: Sat, 30 Mar 2002 01:06:03 -0500 (EST)
From: Sean Donelan <sean@donelan.com>
To: nanog@merit.edu
In-Reply-To: <5.1.0.14.2.20020329204353.03615a50@mail.macronet.net>
Message-ID: <Pine.GSO.4.40.0203292302280.6424-100000@clifden.donelan.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Errors-To: owner-nanog-outgoing@merit.edu
>A basic security mindset is a combination of paranoia, a talent for
>contingency planning, and an understanding of business need.
My suggestion was to include a couple of courses in the curriculum.
1. Engineering Ethics
How to play fair
Right and wrong, dealing with conflicting responsibilities
2. Engineering Paranoia
The world doesn't play fair
Bad data, safety factors and progressive collapse
I'm not sure you can really teach someone the right combination
of ethics and paranoia to be successfull. I can teach anyone the
technical stuff, or give them a really thick book. But best
practices aren't a substitute for understanding the business and
sound judgement.
