06.14.07
Daily Link List
I know these aren't daily but there were a few things I came across today / last night that I thought warranted mini blog posts.
The first of these was a post by Rich Mogull over on Securosis.com. It's a great post, entitled 'Then There Was The Time I Sort Of Kidnapped Someone', which talks about education vs experience by discussing a story of Rich's from when he was in his early 20s. While it doesn't directly discuss IT, it definitely fits with any industry. I won't spoil the story as it was definitely worth the read, but in the end Rich points out that a superb education with 'top of the class' marks, doesn't compare to actual experience. I think this is important to point out because it applies to everything. There are plenty of businesses that still place things such as [CCNA, CISSP, MCSE, ] Required in their job posts and are firm on those requirements. Even if you the industry experience to have learned and utilized those skills, they'd rather someone with a piece of paper. Now I realize that this was talking more about people coming straight out of school and I think that is another reason it should be read, and read again... a chance to learn from the mistakes of someone else.
Something that has always bothered me... and maybe it's bothered me more than it would most because I'm a college graduate rather than a university graduate... is university students... and not all of them... but a number of them. I had this problem while attending college and I've had this problem afterwards while working in IT. I find that university students feel, that because they are going to (or have) graduated university they are superior to you, if you haven't done the same. They are "hot shit" so to speak and think the world of themselves. I think that reading Rich's article is a great way for some of these "hot to trot" show-offs to be brought back down to earth. It's better to learn from the mistakes of others, than to get out into the working world and be smacked down by those around you. So if you're one of these people... go give it a read... Since most of you won't admit it if you are... Everyone go give it a read.
Up next on the "interesting reads" list is a blog post over on the Websense Security Labs Threat Blog. It discusses how an "enterprising individual" (read: scam artist) used a little bit of basic javascript to change his customer feedback rating and turn himself into a power user to all those unsuspecting visitors to his eBay auctions. Web 2.0 frightens me... I'll be the first to admit it... This is a great example of how control is lost when security isn't quite up-to-snuff.
Also a quick thanks to the Websense people for their awesome booth at InfoSec Canada. You really can't beat free beer!
Next we've got an article by Brian Krebs in his Washington Post Security Fix blog. It touches on a bill that passed in the US House of Representatives. It is the second bill they've passed on the subject of Caller ID spoofing. The first bill is still before the Senate which is where this one will head.
I've got a soft spot in my heart for Caller ID spoofing since I disabling Caller ID with each call and I dislike that the telephone companies charge you to permanently hide your phone number. I've got my trusty SpoofTel account and I really enjoy using it in the occasional prank call to family members and friends. I can understand the problems with Caller ID spoofing... especially in fraud and scams. I just hope that if these bills are passed in the Senate and become law that they are used as intended... to deal with the fraudsters and scammers and not used to harass the little people who use Caller ID spoofing.
Note: For those of you that live away from home and make weekly calls to family back home. I highly suggest a SpoofTel account. Call your loved ones from a local number and tell them you're in town for a couple days and are on your way over... you stopped to call from a pay phone. You can really mess with them. You can also call one family member from another family member's phone number... it can be the source of endless hours of entertainment.
The last thing I wanted to mention is that the research team behind McAfee SiteAdvisor now has their own blog. The first few posts look interesting and everybody should probably check it out and add it to their RSS feeds in the near future.
numerophobe said,
June 15, 2007 at 2:30 am
The SiteAdvisor blog has been around for quite a while. A lot of their older posts were really good. I recommend looking at the posts from early 2006.
Ross Barrett said,
June 15, 2007 at 10:30 am
Okay HT, I’ll bite, since I think this ties into what we were talking about on the street car the other day. I think you missed part of the point of Rich Mogull’s post. He *had* all the training and top marks, which I why he *should* have known the right thing to do, but didn’t because of his lack of experience.
I agree with you 100% that experience is more valuable than book/classroom learning. But consider this, who has more potential value to their employer? (assuming experience and schooling directly relate to the job) An employee with 4 years of school and no experience or an employee with 4 years of experience and no formal training. Obviously the later, okay… so who has more potential value to their employer, an employee with 4 years of school and 4 years experience or an employee with 8 years experience? Well… Stretch it out further, the employee with 4+8 vs 12? Or go back the other direction, would you rather have an employee with 4 years of school and no experience or an employee with no training and no experience? I think the relationship is not linear. There is a point in any career/role where experience will triumph over training, but would you want a paramedic who had never taken a first aid course?
Job postings that call for formal training without professional experience are for entry level jobs. Having the formal training will take you further in the later half of your career, even if you are playing catch up (in experience) with people younger than you early on.
-Ross