Week 52: What's next: Help me help others

As technology evolves, lessons come and go -- some are the same no matter how much time has passed, and some are unique to the technology-employed. The security industry has been on an exponential curve since 1985, the year the Orange book (Department of Defense Trusted Computer System Evaluation Criteria) was first published. The Orange Book indicated the government recognized the growth of computer systems and their associated security implications. I wonder if they knew how right they were going to be, not only for them, but also for consumers.

One of the things I've found when teaching about information security is that people want to know what you've learned that can't be found in a typical technical book. Technical solutions are everywhere but what security practitioners hunger for are solutions, ideas, coping mechanisms and adapting techniques that aren't in books. Sure, people have asked me for technical advice, but I believe even more have asked me for advice of a non-technical nature -- how to handle a certain situation, career advice, training paths and so on. I think it's time we help each other with what we've learned over the years. I want to know this from you: What are the top three lessons you've learned practicing security? And why? I'm going to gather all of the responses from people through as many venues as I can (e-mail, conferences, word-of-mouth), organize the material, and publish it periodically in Security Wire Perspectives and ultimately as a

    Requires Free Membership to View

book. The cut-off date for responses will be June 30.

Here's what I'll need:
-What are the top three lessons you've learned practicing security? Try to keep each lesson to less than 200 words
-Briefly describe the situation and note the result
-Explain the lesson learned
-Summarize how that lesson affects what you do or don't do today

Please provide the following information at the end of each of your three lessons learned in your note:
-How long you'd been in security when it happened
-Approximate year the lesson took place
-Name, position/title and name and location of the company you're currently with
-Contact phone number and e-mail address
-Whether you'd like your personal information withheld.

Please note that I must have your contact information for verification and questions about your text, but you can ask that it be withheld. If you do not provide the contact information, I cannot legally use it. In exchange for sending me this information and helping me write the book, I will send you a free copy when it's published.

Please send your information via e-mail to SecurityLessonsLearned@techtarget.com.

It's been a pleasure writing this column; I hope it's helped you. Have a great security planning year!

About the author
Shelley Bard, CISSP, CISM, is a senior security network engineer with Verizon Federal Network Systems (FNS). An information security professional for 17 years, Bard has briefed and written infosecurity assessments and technical reports for the White House and Department of Defense, special interest groups, industry and academia.

Opinions expressed in this column are those of Shelley Bard and don't necessarily reflect those of Verizon FNS.

This was first published in December 2004

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.