Security is a process and not plug&play

Date May 15, 2009

I got a SANS pamphlet in the mail today, which makes me feel guilty. Not really guilty, as in "I should go but I'm not" (even though I should, and I'm not), but because in terms of IT security, I've sort of been in the "Oh, I'm sure that'll be fine while I'm doing all of this other stuff" mode. It's not a good practice to be in, but I don't see any way to give IT security the attention it deserves when all (and I mean all) of my free time is spent building new infrastructure and stopping the existing infrastructure from falling apart. And if you don't believe me,

msimmons@newcastle:~$ ps aux | grep Eterm | wc -l
21

That's not counting the VMs that are installing right now, or the VM diagram I'm using to keep track of which physical machine will be getting what virtual machine.

I cringe whenever I think about this phrase, but I don't have enough time to worry about security. The automatic response to that (even from/to myself) is "do you have enough time to clean up a break-in?". I'm not monitoring logs like I want, and I don't even have enough time to set up a log monitoring system to do it for me. I'm hoping that in a few weeks things will relax and I can start putting emphasis where it should be, but it isn't right now. I really need more staff to give proper types of attention to security, various Oracle, Postgres, and MySQL databases, site buildouts, asset management, user support, and backups, but I don't have it, so I find myself juggling all of those various tasks, and my stress level is directly related to how many balls are in the air at one time.

Looking through the SANS booklet, I see all kinds of classes that I'd love to take (the Network PenTest / Ethical Hacking class, for one) but I can't even foresee enough free time to take the class, let alone utilize it.

Have any of you ever been to a SANS conference and received training? Was it worth it? How did you get to use it back at your job? Cheer me up and regale me with stories of success from conference training ;-)

  • Ed Smiley

    Hey Matt,

    Is this SANS training or any training? We seem to have enough trouble getting away for mostly any training. Most of the time we are constantly checking to look for problems that need our assistance and that tends to distract you from learning.

    As far as SANS goes, I have never taken an 'official', but from what I hear it is top notch and most likely the best in the country. They have been offering some previews and free courses that you can take at home at your leisure. Check out https://portal.sans.org/ for more info.

    Cheers,
    Ed

  • Ed Smiley

    They also offer 4 free mini-courses here: http://www.sans.org/ondemand/spring09.php

  • Reamer77

    A few years ago I took the "Securing Windows 2000" through SANS. It was interesting, but I don't feel like I got much out of it. Most of it wasn't anything I couldn't find for free myself. But it was a nice excuse to get out of the office for a couple days :)

    Their other classes may be more interesting, though.

  • Stephen Reese

    I have taken the GCIA and GCFA via OnDemand and loved them. I really want to take the SEC560 when time/money permits. I think they're worth it.