>>mjr None of the (real) security experts I know say that split
>What is it that makes someone a "real" security expert?
Open mouth, insert foot. :) Ok, I asked for that one.
What *DOES* make someone an expert in a field? With
respect to computer security, I think it's a matter of perspective.
I've found that the folks who really know what they're doing,
in any field, have enough depth that they are able to deal with
problems by understanding fundamental principles of the field,
rather than surface details. I know a guy who understands how
internal combustion engines work to the point where they all
look the same to him and he no longer needs to puzzle the
details between a Chevy smallblock and a lawnmower engine. What
happens is that the details become lost in the noise because
the basic principles are what matter. Expertise is a matter
of knowing the basics to a point where the benefit/cost equations
of a problem are *obvious*.
Now that the Internet is THE HOT PLACE TO BE, and by
extension Internet security is a HOT TOPIC, we'll see a continuing
tide of security experts. Hopefully it won't be as bad as lawyers,
but who knows? :) Some of those experts will be guys who have
been thinking about system management, network management, handling
*cash* or jewels - and Internet security will be intuitively
obvious, because really computer security is just like any other
security problem that involves cost/benfit analysis and tradeoffs
between utility and protection. There will be other guys who
have read all the CERT alerts and The Cuckoo's Egg and 2600
and are security experts. Those guys heads will be filled
with details and clever little hacky things and stuff that
makes them look smart but they actually lack the big picture.
A really smart programmer once told me that you
can tell a newbie programmer because when someone asks
"how hard is it to do XYZ?" they'll answer directly. He said
that you can tell a good programmer because when asked
how hard it is to do something, the answer is always,
"it depends." Years later, I met a true master programmer
and noticed that he often answered such questions with a
simple, "what are you trying to accomplish?" Which is truly
a profound response.
At the top of my all-time "movies to see" list is
Kurosawa's brilliant "Seven Samurai." One of my favorite
scenes is the part where they are trying to find expert
samurai and the leader of the gang has this newbie kid
stand behind the door with a stick, to whack the prospective
samurai on the head as they come in. Finally, one fellow
walks up to the door, looks in without coming near it,
breaks into a big grin and says loudly, "how amusing."
*THAT* is a "real" expert. :)
I misspoke, getting us down this rathole, and I
apologise. I'm rambling a bit, too, and I apologise for that