[Owasp-Malaysia] Is Network Security a Dead End Career?
Mohd Fazli Azran
mfazliazran at gmail.com
Wed Apr 21 12:17:56 EDT 2010
*For Your Comment!! Do we in the security field agree with this statement?*
Hard to believe that I ever thought I would be sitting here wondering about
the state of security as a viable career path. I have built my career up as
a security dude/hacker for years, but lately I have been noticing a few
- Vendors are getting really good at detecting network anomalies and the
interfaces are getting easier and easier to program.
- Threat vectors have become so large that now we look at a multi-tiered
attack surface instead of a laser-beamed attack point.
- Some of the biggest threats are due to applications and bots.
Here's the thing. I have been tasked to write a TechWiseTV episode on security
and truthfully, the stuff I have is really about as exciting as watching a
grad student take a calculus exam. There is really nothing "new" under the
sun. Oh, sure - product updates, faster detection, fewer false positives,
this header manipulation or that compliance support; yada friggen yada... I
refuse to do old attacks like BGP, ARP Spoofing, WPA cracking, etc... I need
Kinda cool? Ummm... yeah... but I do not go out and buy a new car every cycle
to get a few nifty features. I suck it up and buy a car with a heated
steering wheel when the one I currently have smokes out.
My question is this:
*Have we finally done it and gotten to a point where security is handled via
a SaaS provider?*
Seems to me that a security design goes like this:
- Client-side protection (802.1X, TrustSec, AV, drive encryption)
- Device protection (TrustSec, SSHv2, DAI, SNMPv3, etc.)
- A firewall pair (deep rule set, N+1, line rate or close to it)
- Server Protection (TrustSec, drive encryption, AV)
- VPN subsystem (SSL, Mobile Phones, 3Des)
- Bonus: Log correlation device (OSSIM http://www.alienvault.com or MARS)
Press hard, the bottom copy is yours. (shout out to John Codrea!)
But the two BIG things on these devices are:
- How often are the devices updated to support the latest piss-ant bot,
virus, DDOS or application vuln?
- How is MY staff managing the massive amounts of data generated by these
devices? Or do I just plug 'um in, config them and never touch them again?
Is that it? Have we gotten to a point of security templating? Sure, there
are a few changes in every account, but for the most part; we security folks
are battling the little stuff we have to wait on another vendor to take
care of. Not much I can do on an XSS except change the browser rules (or
change browsers multiple times) or how many times can I email Adobe about yet
another PDF exploit? To me, it feels like I am a security bottom feeder
waiting on the next update. What fun is that? Once the gear is installed and
tuned in, now what? Just turn it over to a SaaS provider and make sure the
current threat level is addressed, I guess. When exploits get to the level
of application exploitation, the hacker clearly has the advantage. They have
an endless stream of applications, the element of surprise, endless
worldwide resources and a complicated global legal system protecting them.
They exploit and I wait for an update. I HAVE to have a team of full-time
researchers 24x7x365 augmenting my staff to try and level the playing field.
Point: SaaS security teams.
The real security action today seems to be at the research or hobbyist
level, where folks are hunting C&C for bots and taking them down. Seems like
many resellers I talk to agree that security folks are just not something
they are asking for. It's nice to know when you design, but a dedicated career?
No room at the inn. I tell folks all the time that a solid knowledge in
security can really make you stand out from others when you design a VOIP,
Data Center or foundational network.
Am I wrong here? Is security still a good career path for folks interested?
I do not believe so anymore and it hurts to say that. I believe it is like an
augmentation skill like Unity in Mass Effect 2. There will always be
security but more and more I see it having to be more of a trusted
third-party process that has those resources.
So what to do about this show? Well, looks like ScanSafe is a good bet. IPS,
ASA, CSA are out. LISP seems cool maybe some botnet stuff. Yawn... Is this
really all there is??
Jimmy Ray Purser <http://www.networkworld.com/community/node/60303?source=NWWNLE_nlt_security_2010-04-21>
Mohd Fazli Azran