Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Perimeter

4/15/2010
11:11 PM
John H. Sawyer
John H. Sawyer
Commentary
50%
50%

Bridging The Gap Between Training And Operations

The EDUCAUSE Security Professionals Conference is a great conference for IT staff from higher education to meet and learn about deploying and managing security tools like OSSEC and Bro IDS, hear how others are dealing with compliance issues, and network with other professionals interested in security.

The EDUCAUSE Security Professionals Conference is a great conference for IT staff from higher education to meet and learn about deploying and managing security tools like OSSEC and Bro IDS, hear how others are dealing with compliance issues, and network with other professionals interested in security.Last night during some post-conference conversations, someone was making the argument that organizations don't have problems securing their IT resources because their staff is stupid, but because they simply don't know how. That's contrary to a mindset that we security professionals sometimes fall victim to. We often assume the admins are stupid because their systems are getting hacked. Likewise, we often think the same thing about users. Obviously, they must be dumb if their systems are getting infected, right?

Wrong. It's easy to jump up and say these things happen because of stupidity, but often, the root cause is that we aren't educating our first line of defense properly. I've written about this in regards to users, but what about the sysadmins and help desk technicians? How often do they actually get included in security training?

That last question is a very important one that is often overlooked, and can turn into a critical issue considering that sysadmins are the ones standing systems up in the enterprise. And, don't forget that while the first tier of support to users, the help desk are often the last to know about the latest threats that could be affecting those they service.

Naturally, the discussion progressed to training and whether or not what was available would really get these people up to where they needed to be to effectively secure their systems and networks. The common complaint came up about how most training is geared for the trainee get a certification that does little more than line the pockets of the training companies.

So with that in mind, what's the likelihood that the trainee can really apply the course content when they return to work? Maybe I was surrounded by a few cynics, but they seemed to be skeptical of the applicability of most of the training they've seen. Personally, I have had the opposite experience where I've spent a few days learning to tear apart packets with tcpdump and Snort, which I then leveraged the day I returned to work.

So I'm left wondering if I'm part of the minority who've actually attended training that left me better prepared to defend my networks. Or, were the folks I was talking to just voicing their frustrations and applying it to the security training industry as a whole?

As the saying goes, "Inquiring minds want to know." Shoot me an e-mail or leave a comment below and let me know your experiences. I'm very curious to see if this comes down to a lack of funding and accessibility to the right training, or if it's a common issue plaguing the IT industry.

John H. Sawyer is a senior security engineer on the IT Security Team at the University of Florida. The views and opinions expressed in this blog are his own and do not represent the views and opinions of the UF IT Security Team or the University of Florida. When John's not fighting flaming, malware-infested machines or performing autopsies on blitzed boxes, he can usually be found hanging with his family, bouncing a baby on one knee and balancing a laptop on the other. Special to Dark Reading.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 11/19/2020
New Proposed DNS Security Features Released
Kelly Jackson Higgins, Executive Editor at Dark Reading,  11/19/2020
How to Identify Cobalt Strike on Your Network
Zohar Buber, Security Analyst,  11/18/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: A GONG is as good as a cyber attack.
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-5641
PUBLISHED: 2020-11-24
Cross-site request forgery (CSRF) vulnerability in GS108Ev3 firmware version 2.06.10 and earlier allows remote attackers to hijack the authentication of administrators and the product's settings may be changed without the user's intention or consent via unspecified vectors.
CVE-2020-5674
PUBLISHED: 2020-11-24
Untrusted search path vulnerability in the installers of multiple SEIKO EPSON products allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
CVE-2020-29002
PUBLISHED: 2020-11-24
includes/CologneBlueTemplate.php in the CologneBlue skin for MediaWiki through 1.35 allows XSS via a qbfind message supplied by an administrator.
CVE-2020-29003
PUBLISHED: 2020-11-24
The PollNY extension for MediaWiki through 1.35 allows XSS via an answer option for a poll question, entered during Special:CreatePoll or Special:UpdatePoll.
CVE-2020-26890
PUBLISHED: 2020-11-24
Matrix Synapse before 1.20.0 erroneously permits non-standard NaN, Infinity, and -Infinity JSON values in fields of m.room.member events, allowing remote attackers to execute a denial of service attack against the federation and common Matrix clients. If such a malformed event is accepted into the r...