CSO - It used to be that security practitioners were seen as propeller-hat wearing introverts hunched over computers in dark, cold basements for weeks on end, shunning daylight and anyone who tried to start a conversation. Times have changed. But the path to respect isn't always what you'd expect.
Thanks to the blogosphere, social networking sites and podcasting made easy, many security pros are taking on a much more public persona, becoming near-rock stars. Evidence of this can be seen in abundance at this week's RSA conference and the nearby Security B-Sides event.
True, many security pros still prefer the quiet, isolated life. It's also true that the introvert tag was never a fair fit for many people. But several conference attendees acknowledged theirs has become a much more public profession. It's a necessity, they say. To truly improve security, people need to be out there communicating the threats computer users face and how to take the proper defenses.
Andrew Hay, information security analyst at the University of Lethbridge, opened Security B-Sides with a talk about his life on the "Security D-List" and the four pillars one can use to move higher up the ladder.
Hay, a specialist in forensics, incident handling and network security management, explained there are few celebrities in the security industry and many who are but don't know it. Then there are those who are stars and will let you know it at every opportunity.
"When we start our career, we are on the D-List and it's a tough climb out," Hay said. "Many are happy to stay there, others want to do great things. Very few see themselves as A-List. Many think they're above D-List."
Using an unscientific pie chart, he estimated that 84% of security practitioners are on the D-List. The A List are made up of those who are asked to present at conferences, get comp time from their employer to do it, and have invented something everyone has used.
Those on the B and C lists write blogs and have achieved some notoriety, but are harder to pick out in the crowd, Hay said.
"When you start you're just a security grunt in the trenches and it's really hard to blaze a trail," he said. "I started doing dial-up tech support, then I got into network security, and became a product manager."
Eventually, Hay went on to write such books as OSSEC Host-Based Intrusion Detection Guide and Nagios 3 Enterprise Network Monitoring.
He described the four pillars he used to advance in the security profession:
All that said, Hay said it's not always best to move from the D to A List. In fact, moving to the top can corrupt a person's perspective and make them less useful to their peers.
"The problem with the industry is the 'I'm better than the D-List' mentality," he said, noting that A-listers can "think they are higher in stature and it's an unfortunate place to be. I'm happy on the D-List."
(Security B-Sides is being held today and tomorrow from 10 a.m. to 5 p.m. at the pariSoma Innovation loft at 1436 Howard St. (at 10th), near the Moscone Center, where RSA 2010 is being held. The event is free, though representatives from the Electronic Frontier Foundation will be accepting donations.)
Read more about data protection in CSOonline's Data Protection section.
Free Insider Guide
How does your salary compare with your peers? Find out using our Smart Salary Tool.
Copyright © 1994 - 2012 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
