What is your involvment in Computers and/or Computer Security Everyday?

Nice!

Though I do some work in security as part of my job, I would not call myself a security professional, and I don't know what I want to do when I grow up. :-)

My job is more general in scope...in theory I am a security professional...however I wear many hats.

LosT

Umm, I'm an all purpose SA... if my systems get hacked it's a Bad Thing... but so ends the scope of my security duties...

Abbreviations are were it's at .

I deal with computer related stuff all day long, sometimes I have good days and then there are days that I wish I could just forget about.


Good days = Innocent Images National Initiative and ICAC programs has worked somewhere.

I'm an honest to goodness security professional, and let me tell ya, when you start getting to the top of the dogpile its not as cool as it sounds. I spend most of my day writing/reviewing/implementing policy, doing high level strategy and architecture, and very rarely get to h4x0r boxen anymore. You get to start out doing cool tech shit, but as you move up the ladder you spend more and more of your time involved with the politics of information security and the 40,000 foot view stuff. Its not all bad, I happen to like writing policy and doing high level architecture reviews, but its certainly a far cry from busting linux boxes.

There are plenty of times I've wished I kept computers as a hobby and went to work as a machinist or a welder.

You forgot one:

*) Certified Information Security Suckass Professional

That would be me.

Big ++

Once you get to a certain stage in INFOSEC it seems that you are destined for the program-level items such as defining the Security Policy and less in the functional security testing side. I've recently made the move back to assessments in hopes that I will be able to do more testing and evaluation. I do like designing security architectures, you get to play with a lot more of the, "X works better here than there, and if you use Y, then you have to have Z" instead of "I can't believe you are running X without Y, no wonder you get incidents every day and rarely hear about it."
Course, I've also thought about tossing most things with a drive bay in the lake and gone off to do pig farming, so who the hell knows.

As far as the poll goes, INFOSEC professional.

I'm not a professional. Honestly, I don't particularly *care* to be a professional. Not even on the weekends. I do this shit for fun and getting paid for it takes that rush away. Not that I have anything against getting paid, mind you. I just absolutely hated slaving away in a cube for 90 hours a week on salary and not getting any time for my own projects.

I'm really into the INFOSEC thing as work and play. The nice thing about my job: I get to do all my project at work as well.

I have found that INFOSEC is not for everyone, especially someone who climbed up the IT food chain to prepare (or fall into) for INFOSEC only to be an analyst pounding though logs all day long. This can be a huge turn off for someone who feels they "paid their dues" years ago.

But the personal pride, and the promise of moving up keeps you going until you start climbing. Noid has an excellent point about getting too high up in the food chain, you really do loose the hands on if you go up high enough. Usually the pay out weighs that though

True, I dont specialize in any one field, I do a little of everything, from telecom installs to programming. The majority of my work is hardware repairs, and software trouble shooting.

Im usually providing security advice after the fact. People dont understand the need for, say something as simple as a router, until something happens and thier system is compromised.

I imagine if I was considered a "security professional" I would be out doing only security auditing, and doing it before the exploit occurs.

I've specialized in things before and become outdated in other areas. I quit web design for 2 years and came back to find myself without knowledge of css, dhtml, mysql, asp ect..

To stay afloat here as a IT consultant, you have to offer a wide range of services.

I was a machinist. It was fun for a while...then jobs started leaving the country, and things tightened up in the American work place. My favorite part of being a machinist was writing the programs to make the parts on the CNC equipment. I even learned to program a CNC laser! Thats where my computer interest began.

As others have said... Its good to be well rounded... I can't imagine not being.... its the 'hacker' thing to do... (learn/explore).
I currently am not a 'security professional' but I'd like to think im pretty knowledgeable about the big picture and most of the current trends.

Currently im working on getting my BA/MS in Computer Science. Computer/Network security has been a long long time intrest, and a majority of my focus is in that 'realm'. But my motto has always been that if you want to know how to break something, you've gotta know how it works (and i mean REALLY know).

The best way (I think) to know how to secure something.. is to know how it's broken/abused.
So first you have got to understand how it works, then how to break it.. to the ultimate goal of making it(IT/net/world) more secure.

I'd like to think i know quite a bit about what i 'want to do when i grow up'... I spend a lot of time reading security books, and learning all I can from whomever. Plus, practice makes perfect... as much 'testing' as you can do on your own systems, having some friends (see: dcgroups) helps a lot. For any pen testers out there... the DefCon Capture the flag is a perfect example of good practice.

Its all about the big picture. Don't limit yourself and don't get tunnel vision because its a lot of the 'out of the box' ideas.. that create new vuln's....

Happy Hacking! (thanks to defcon admin for... well defcon)
(also see: toorcon, layerone, cansecwest)

I had to think for a while about how I wanted to respond to this thread. I find your poll condescending, at least, but more sanctimonious and offensive in the tacit assumption it makes that there are "security professionals" and no one else of any real "value" here.

I'm "none of the above" and here is a short sampling of my grievances.

In my professional life I have worn many hats. Most frequently, you will either find me doing Software Quality Assurance or CM/Build and Release Engineering. Sometimes, I do all of them at the same time and more. I've done "security work" and you know what I learned? (Noid may be able to attest to this...) By the time poorly tested software makes it onto your network/systems, it's usually too late. After users, poorly engineered and tested software is the leading cause of exploitable vulnerabilities.

Within "the community" the most gifted hackers(tm) that I know are either software developers/engineers or in quality assurance. They create solutions, solve problems or find bugs (aka vulnerabilities). I know quite a few SA's but surprisingly few are involved with the "security community", defcon or these forums. With ALL due respect to the cream of the crop at the top of the heap, in the post 9/11 world, "security professional" is just a euphamism for somebody in a suit who can blow sunshine up the ass of management.

When filtering for fucktards I usually find that people who do QA are hackers of some kind or other. Their job is to break software and report the flaws so they can be fixed before the software gets into customer hands. People with certs, titles and slews of initials behind their names may be able to write 'professional security policy' but of those, I know few who could effectively secure a network or system against a determined QA Engineer on a mission and *all* of those folks started out as blackhat crackers and worked their way up.

What was the point of this poll/troll?

From my point of view, the purpose was to generate a discussion, and to that goal, this thread has done pretty good.

I've found the content provided in this discussion useful.