
[SecTor Review] Growing the Security “Profession”

November 22nd, 2007

SecTor Keynote
Speaker: Dr. Richard Reiner
Presentation (pdf)

It was Day 1 of SecTor and I had gotten up much earlier than I usually do, so I was still half asleep as the SecTor housekeeping was occurring. The housekeeping ended and a round of applause brought me back to reality just as Dr. Reiner was taking the stage. Needless to say, the thought of catching a few z's didn't even occur to me after the keynote started.

The topic was 'Growing the Security "Profession"' with profession in quotes. The keynote pointed out that InfoSec isn't a profession right now... we aren't recognized professionals like doctors, lawyers and engineers. Then the question was posed, should we be professionals?

A number of interesting questions were posed:

  • Do we professionalize IT or IS?
  • Do all aspects of IS qualify as professionals?
    • Would researchers qualify?
    • Would corporate security teams qualify?
    • Would pen testers and auditors qualify?
  • Who would benefit?
    • Would IS professionals benefit?
    • Would the public benefit?

In the end, no answer was given... it wasn't a "this is what we need to do" presentation, it was a "here's a concept to think about" presentation. In the end it left you thinking, which is exactly what I think a keynote should do. At first I thought it was a very cut and dry answer... yes we need to professionalize.

  • We become members of a respected community
  • We gain exclusivity... eliminating those who don't qualify
  • We have a standardized code of ethics
  • We eliminate the "piece of paper" certificates that test what you can memorize, not what you know

At least that's how I saw it at first... the more I thought about it I saw several cons.

  • We cause a greater divide between the "underground" and professional sides of IS.
  • A lot of the great minds in IS wouldn't have necessarily become IS Professionals when they were doing the interesting work that they were doing.
  • A standardized code of ethics has never been agreed upon in the past, and now we're going to put it in the hands of a committee to determine?
  • Formal education, something that definitely isn't a requirement in IS, suddenly becomes a requirement.

So, over the past couple of days, as I've thought about this... I've realized it isn't so cut and dry... and if I had to vote for or against professionalizing IS, I'm still not sure how I'd vote. At least I'm thinking about it... and that was, as far as I understand, the intended outcome of the presentation.

Note: I just took a look at SecTor and I don't see the slides posted yet. As soon as slide decks are out, I'll attach links to them.
