I've been pretty surprised, but things went well. I'm starting to believe that most people want to do what's right (provided that it's not *that* hard) but they just don't know how.
Full disclosure: I've finally found a big element of success is social engineering the folks who I need to attend. For instance, Clueless Carl is an eager eBay buyer, and was one of the first to sign up for a talk I titled "eBay the safe way" and the content was mainly just what you'd expect... but then toward the end I took a swerve and started talking about malicious browser objects and how attackers might steal your eBay logins... I saw a dramatic reduction in the number of folks who got drive-by downloads. I'm starting to work on another class about how devs need to sanitize user input, we'll see how that goes! (fingers crossed!) On Sun, Aug 16, 2009 at 1:11 PM, Jason Wood<[email protected]> wrote: >> And that's why I now offer up network 101 classes (and a series of >> others) to *anyone* who wants to attend. > > Mick, > I'm glad you made this comment and that you've started doing this. How are > the classes going > and what impact has it had on Carl and the organization? > > I've thought a lot about this idea right here, but never gotten off my butt > to put one together. > I've worked with a few Clueless Carls and while I can cuss about them real > good, I've never > done much other than give a terse lecture on why X was a really bad idea. > > So to jack the thread even further, perhaps I'm not doing enough to make > sure Carl doesn't > remain clueless. Carl has the major portion of that responsibility, but for > the good of my > sanity and the organization, some 101 classes may be in order. > > Jason > > On Sun, Aug 16, 2009 at 8:38 AM, Michael Douglas <[email protected]> > wrote: >> >> Yes, specialists with a lack of skill in other areas can be truly >> dangerous. >> >> Funny & true story (details of where this happened omitted to protect >> the guilty) >> >> One day I saw our IDS system explode with alarms about some truly >> horrific network traffic, at the same time, our host monitoring system >> started showing web servers winking out of existence. Evil was afoot. >> >> As I was about to run to the server room, a DBA we'll call Clueless >> Carl came over. And asked the most horrifying question I've ever >> heard. >> >> Carl: "Mick, I just ran into a strange ping problem. When I send >> pings that are over 2.5 meg in size I'll get a response back once... >> but then the rest time out." >> Me: (I made a squeaking "urk" type sound) ... what? >> Carl: You know ping. I need to test the network. Ping's how you do it. >> Me: well... sometimes. Did you say 2.5 Meg? As in megabytes? via ping? >> Carl: (clearly exasperated) YEAH! We're having trouble with the TPS >> reports... some of the results don't display in the browser right. >> Looking at the table the result set is a bit under 2.5 Meg. So I >> wanted to see why the network can't handle data sets that large. We >> have a problem here! >> Me: You have no idea! (evil grin) >> >> >> And that's why I now offer up network 101 classes (and a series of >> others) to *anyone* who wants to attend. >> >> >> Sorry to thread jack, but it was too good to pass up! >> - Mick >> >> >> On Sun, Aug 16, 2009 at 10:07 AM, Raffi >> Jamgotchian<[email protected]> wrote: >> > That's precisely what's wrong about your argument. Your asumption is >> > that the generalist doesn't have deep understanding in any subject. >> > >> > A good generalist can do the work of many people. But the same good >> > generalist needs to know when to call in for help. >> > >> > In my experience, present company excluded of course, specialists that >> > are typically so narrow in thinking cause more issues than not. >> > Because they don't completely understand the affects on surrounding >> > disciplines. >> > >> > ---- >> > Raffi >> > >> > On Aug 16, 2009, at 8:49 AM, Shane Kelly <[email protected]> wrote: >> > >> >> I think you are going to have incompetent people at either side of the >> >> spectrum. >> >> You could argue that generalists are multi-handed specialists / or >> >> that specialists do not have sufficient understanding of surround >> >> areas. >> >> You could also argue that generalists do not have enough technical >> >> understanding or patience to pursue a given specialism. >> >> >> >> It ultimately comes down to how must time and effort people are >> >> willing to invest in understanding their acclaimed subject. IMHO, you >> >> can not encapsulate peoples skill level at a 100 foot view of there >> >> depth into the subject. You need people in both sides of the field. >> >> Generalists to have enough knowledge to understand where organisations >> >> should focus efforts. >> >> Specialists to focus on that area and have deep technical knowledge of >> >> that area to ensure a quality work is performed. >> >> >> >> In my view, generalists make good sales people, specialists get >> >> recognised in the security field for there technical achievements. >> >> >> >> Shane >> >> >> >> >> >> 2009/8/16 Raffi Jamgotchian <[email protected]>: >> >>> Hear hear. Whether a generalist or a specialist, hubris will bite >> >>> you. >> >>> >> >>> ---- >> >>> Raffi >> >>> >> >>> On Aug 15, 2009, at 10:35 PM, Michael Douglas <[email protected]> >> >>> wrote: >> >>> >> >>>>> jack of all trades messed up the environment >> >>>> >> >>>> OK this is the one area where I wasn't too clear on the earlier >> >>>> thread. I'm assuming that you are competent in everything that you >> >>>> say you're going to do. Unfortunately, this isn't the case. There >> >>>> are many Jerks of All Trades who will mess things up badly. >> >>>> >> >>>> >> >>>> For those who mentioned it above, yes being a generalist does tend >> >>>> to >> >>>> get you in the small and medium sized businesses... but there are >> >>>> exceptions... take my day job for instance. For those of you who >> >>>> don't know, I work at OCLC -- a non-profit library coop. We're what >> >>>> I'd consider large. We have over 72,000 libraries in our >> >>>> collective. >> >>>> We have a database with holdings information on about 1.2 billion >> >>>> (yes >> >>>> billion) records (books and other stuff). We have a few thousand >> >>>> servers... yet they hired me... A generalist! >> >>>> >> >>>> I'm a generalist... but a big part of my ability to get things >> >>>> done is >> >>>> admitting what I don't know. For instance, a big part of my skill >> >>>> with forensics is how I DON'T mess up data. If things get to hairy >> >>>> for me, I can wrap things up and call in folks who are better than >> >>>> me >> >>>> (and remember, there ALWAYS is someone better than you -- thinking >> >>>> otherwise is the first step on the path to destruction) >> >>>> >> >>>> knowing when to sit down and hack or when to walk away is probably >> >>>> the >> >>>> greatest skill anyone in computers can have! >> >>>> >> >>>> - Mick >> >>>> >> >>>> >> >>>> On Sat, Aug 15, 2009 at 2:42 PM, John Navarro<[email protected]> >> >>>> wrote: >> >>>>> Good point Tim! >> >>>>> Robert, I do think that a "jack of all trades" type will fit in >> >>>>> better to >> >>>>> smaller companies, whereas the specialized, from my experience, >> >>>>> seem to have >> >>>>> a better chance at getting into larger corporations. It was never >> >>>>> my >> >>>>> intention to be "specialized", but having worked at a firewall >> >>>>> vendor it was >> >>>>> just easier to find those opportunities that required a specific >> >>>>> skillset. >> >>>>> Of course it could be that the jack of all trades messed up the >> >>>>> environment >> >>>>> and they needed someone specialized to come in and clean it up ;) >> >>>>> >> >>>>> On Sat, Aug 15, 2009 at 8:16 AM, Tim Krabec <[email protected]> >> >>>>> wrote: >> >>>>>> >> >>>>>> Don't forget your specialization does not have to be computer/ >> >>>>>> program >> >>>>>> related >> >>>>>> >> >>>>>> You don't have to specialize in "forensic analysis of devorak >> >>>>>> keyboards >> >>>>>> for AS/400 systems >> >>>>>> emulating Apple IIc systems" >> >>>>>> You could specialize in database recovery for small businesses. >> >>>>>> Or BCP & >> >>>>>> DR for law offices or real estate companies. >> >>>>>> >> >>>>>> -- >> >>>>>> Tim Krabec >> >>>>>> Kracomp >> >>>>>> 772-597-2349 >> >>>>>> smbminute.com >> >>>>>> kracomp.blogspot.com >> >>>>>> www.kracomp.com >> >>>>>> >> >>>>>> _______________________________________________ >> >>>>>> Pauldotcom mailing list >> >>>>>> [email protected] >> >>>>>> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom >> >>>>>> Main Web Site: http://pauldotcom.com >> >>>>> >> >>>>> >> >>>>> _______________________________________________ >> >>>>> Pauldotcom mailing list >> >>>>> [email protected] >> >>>>> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom >> >>>>> Main Web Site: http://pauldotcom.com >> >>>>> >> >>>> _______________________________________________ >> >>>> Pauldotcom mailing list >> >>>> [email protected] >> >>>> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom >> >>>> Main Web Site: http://pauldotcom.com >> >>> _______________________________________________ >> >>> Pauldotcom mailing list >> >>> [email protected] >> >>> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom >> >>> Main Web Site: http://pauldotcom.com >> >>> >> >> _______________________________________________ >> >> Pauldotcom mailing list >> >> [email protected] >> >> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom >> >> Main Web Site: http://pauldotcom.com >> > _______________________________________________ >> > Pauldotcom mailing list >> > [email protected] >> > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom >> > Main Web Site: http://pauldotcom.com >> > >> _______________________________________________ >> Pauldotcom mailing list >> [email protected] >> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom >> Main Web Site: http://pauldotcom.com > > > > -- > > irc: Tadaka > Twitter: Jason_Wood > jwnetworkconsulting.com > > _______________________________________________ > Pauldotcom mailing list > [email protected] > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > Main Web Site: http://pauldotcom.com > _______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
