At 19:57 07/12/96 -0500, hagan @
>it is my opinion that the demand in the industry requires that
>implementing security policy will become a task that non-techies can
>perform. I think that it could be directly inferred from this that, yes,
>there is a finite amount of time in the future after which techies will
>not be needed for most security tasks.
I doubt it very much. I have heard any number of "in the future we won't
need techies" predictions, and they have invariably proved false. What
happens is that the functions that previously needed the technically
competent are eventually automated, but the requirements move on and techies
are still needed for the new functions. In some areas of technology you
don't _need_ the new functions so you don't need the techies. However
Firewalls (and security in general) are driven not by the requirement for
new functionality, but by new threats which cannot be safely ignored.
For example, a prediction for a future development:
Virtual Network Perimeters will not merely be external (linking private LANs
across insecure public network), but will also be internal, carrying
potentially hostile traffic (e.g. Java applets) on Intranets. The VNP
internal traffic will be encrypted to ensure that it can only be processed
by security-harden systems inside the LAN.
You are right there will a _demand_ for security without competence. There
will almost certainly be people claiming to deliver it. However I _very_
much doubt they will manage it.