VMU has been heavily involved in quite a bit of what has become mainstream in federal government InfoSec. They were the ones who built out US-CERT originally, they have had a hand in helping set up many of the CSIRT/SOC operations within the federal government, and they continue to play a role in helping train/evaluate these teams. Although I suspect that many people outside of (gov) InfoSec are aware of this history.
I agree that my run through of the article seemed to point to problems more than solutions, but I have always felt that the old chestnut 'don't bring me problems, bring me solutions' was a bit shortsighted.
Yes, it would be nice if every problem had a solution provided in a gift wrapped box. Yet, it is dangerous to pretend that problems do not exist simply because we do not know how to solve it.
Now, how to do this without become overwhelmed and despondent in the face of these problems is another issue.
Ive created account only to say "thank you" for writing this article. Thought im just projecting issues that dont really exist because of not so long ride in this bus (just promoted to senior)...
At first i tried to tackle those issues but it seems that nobody cares or doesnt want to accept that we have such issues in the first place.
Im just happy others see those issues too and try to solve them at least by rising awerness.
Im also sure that if i tried to bring this article to discussion i would be fired next day because of "playing primadonna" one of our managers use to say...
I admit that even simple articles often have nuance that many would benefit from better exposure. Yet, a limited attention span would seem to be eclipsed simply by have better options in the vast sea of material not yet seen.
In a world where you have a massive backlog of good content, yes. Unfortunately, I struggle to find content which is both high quality and easy to learn from. Do you have suggestions?
That is a fair statement. I suspect that this poses challenges on a number of levels, including what areas on finds of interest and how they prefer to be engaged.
Between work, family, and school my opportunities to indulge are more limited than I would prefer. Recently I had an opportunity to listen to old lectures by Prof Malan (I understand that newer version of these lectures are now available on edx.org). When I am in the mood for something tied to current events, I enjoy taking time to read Krebs (krebsonsecurity.com) or catch up on conference presentations that I missed (still working my way through the material from ShmooCon).
VMU has been heavily involved in quite a bit of what has become mainstream in federal government InfoSec. They were the ones who built out US-CERT originally, they have had a hand in helping set up many of the CSIRT/SOC operations within the federal government, and they continue to play a role in helping train/evaluate these teams. Although I suspect that many people outside of (gov) InfoSec are aware of this history.