security, encryption, and healthcare

Joshua Zeidner jjzeidner at gmail.com
Wed Feb 28 09:16:33 MST 2007 

 Joseph,

   In response to your comments below... there are many problems with
an 'uncredentialed security expert'.  Many of these problems extend to
non-security disciplines as well.  Essentially, it comes down to
trust.  And this hypothetical person has absolutely nothing at stake,
he could completely screw things up and what does he have to lose?  He
most likely picked up a few books, tooled around on his(or her) linux
box for a while, and started talking the talk... if someone didn't
even make the basic effort to get a degree in the discipline, I( and
many others ) have a very hard time being convinced of their sincerity
and credibility.  The typical fact is that they don't have any, they
jump into something because they see a hot salary, they fake it for as
long as it makes sense, and then jump ship into something else or go
start a rock band.  This group will in turn run themselves ragged
chasing after each and every technology trends that comes along.
These trends are getting more and more ridiculous and rapid every
quarter, and the investment one must make in keeping up with them( at
a personal or department level ) is way too expensive for the value
they may provide.  I just stay away from this crowd, they will just
run themselves down eventually.  These folks will not only destroy
their own careers, but they will ruin a department, website , etc. as
well.

  Although I am sure many here want to cover for their buddy who never
managed to get a degree, or perhaps they don't have one themselves...
but the fact is that if you are dedicated to the field, you have to
show the effort. I've worked with a person in the recent past who
fancied himself a security expert who loved to rant off about
honeypots and tcp-ip stacks, but none of these little factoids he
picked up have any grounding in experience, and there is no particular
reason why anyone would want to take him seriously.

  Even those who jumped in the mix during the 90s from other fields...
I still find them to be lacking in the basic skills of development.
As the job market continues to shrink, believe me those people without
BS CS on their little piece of paper will be sifted out, especially if
labor regulations are introduced.  In the recent past the CS field had
enough of a vacuum in the market to allow for these types of people,
but the economics of the current situation are turning it into a field
just like any other; you have to go and get someone to give you a
piece of paper that says you have knowledge of this field.  If you do
have experience and no degree, I would suggest making plans to get
one.  I'm certainly noticing that these groups are becoming stratified
into the 'web hacker' people and the trained career engineers.  When
push comes to shove and the DOL has to make a decision about who to
help, who do you think will make the cut?

  -jmz


On 2/28/07, Joseph Sinclair <plug-discussion at stcaz.net> wrote:
> I have to say, I don't agree with much of JMZ's view.
>
> It is entirely possible to work in security without an advanced degree and without academic experience.  The academics are needed if you're designing new algorithms, but most security work is designing and implementing security subsystems and auditing software for security concerns.  It doesn't take major mathematics to do that (unless you're implementing an encryption algorithm, something almost never done in practice), you just need a good strong detail-oriented focus, a strong systems-design skills, and a touch of paranoia, since everyone misses something in this field.
> Will healthcare tie into security, absolutely, although HIPAA defines requirements, the implementation of those requirements leaves a lot of room for software, and policy, innovation.  I don't think you'll find your math skills greatly used, however, unless you decide to do some work on one of the open-source encryption systems cross checking the algorithm implementations or something similar.
>
> Regarding the value of a degree, I've worked with incredibly skilled people who have no degree, and I've worked with incredibly incompetent people with a PhD, most people are somewhere between those two extremes.
> The degree matters to an extent (and more education is generally a good thing), but the character and qualities of the person who earned the degree always matters far more than the degree itself.
>
> The "baby boom" generation (born 1946-1964) is statistically much larger than the generations born in the 20 years prior or the 20 years following.  They also reproduced at a lower rate than their parents (average < 2 children/couple, net loss of population).  In fact the primary reason the US population continues to grow is immigration, but that can't change the fact that the average age of US residents is rising (see http://www.census.gov/ipc/www/usinterimproj/natprojtab02a.pdf)
> That said, the "graying" of the population is somewhat exaggerated (even in 2050 the census predicts that only ~21% of the population will be over 65), of course the projections to 2070, are somewhat more extreme, but they're also not statistically reliable.
> The problem that arises in that to pay social security for that 21% (vs. the 12% today) the working 42% (vs. 52% today) will have to pay around 40% of their income under the current social security model (3 times the current amount), and the economy wouldn't be able to support that.
> The solutions are well known, and there's no doubt they'll work, the problem is that they're not completely intuitive, and they reduce the power of the government, something many government officials don't like (they want more power, not less).  Also, everyone in Congress is deathly afraid of changing Social Security for fear of upsetting some very powerful lobbies in DC (AARP being chief among them)
> Healthcare for the elderly isn't likely to have a huge economic impact. Lifestyle medicine, such as psychiatric treatments, sleep-aids, and ED drugs (mis)used as enhancers, has a much larger impact and is driving much of the current growth in healthcare.
>
> As far as bubbles go, energy is a good current candidate, as is materials science.  It may be another year or so before the next bubble is really clear, but it probably won't be healthcare, that's more likely to hit in 2017, if ever.
>
> As for socialized healthcare, if you want to know what that's like, just look at France, or England.  Both have had socialized healthcare for some time (to varying degrees), and it's very eye-opening to see what the result of that has been.  If you want someplace closer to home, look at Canada, and ask yourself why so many wealthier Canadians cross the border to US hospitals for treatment each year.
>
> Sorry for the long rambling post, I wanted to try to cover all of your points (including some earlier items).
>
> Josh Coffman wrote:
> > I don't know that having the BS helped me or not after I had a few years of experience.
> > It sounds like a BS alone isn't enough to be taken seriously in Security. Dont really know.
> >
> > It is my understanding that the Baby Boomers were called such because they were a big population jump following ww2.
> >
> > I think nationalized (aka socialized) healthcare has more issues than population changes.
> > Personal opinion, but I'd trust a collective influence of individual decisions more than a centralized generalization by a few pushing influence
> > over the rest of a society. Stated another way, I trust my own opinions for my own life and my family's rather than handing it over to someone
> > in DC who doesn't know me and only really cares for continuing their pay and power with no responsibility.
> >
> > Admittedly, both ways have their issues.
> >
> > -j
> >
> >
> > ----- Original Message ----
> > From: Joshua Zeidner <jjzeidner at gmail.com>
> > To: Main PLUG discussion list <plug-discuss at lists.plug.phoenix.az.us>
> > Sent: Tuesday, February 27, 2007 1:16:15 PM
> > Subject: Re: security, encryption, and healthcare
> >
> > On 2/27/07, Josh Coffman <josh_coffman at yahoo.com> wrote:
> >> Excellent, Josh!
> >> Guessing my Math B.S. doesn't get me anywhere, and I'd understand that.
> >> It's just a B.S.; and I was too tired of being poor to accept the masters program offer. d'oh!
> >> Sounds like some other certifications would be helpful. Personally, I don't think I have the time. :(
> >
> >   It is a telling sign that a B.S. no longer gets you anywhere...
> >
> >> So Healthcare is growing, but how does that affect IT?
> >
> >   Well, where the money goes, IT goes... but that is not necessarily
> > going to change things for IT people.  I would think that some
> > background in healthcare would be marketable, but health agencies
> > manage things in the same way as any other type of organization and IT
> > people typically arent directly involved in the administration.  One
> > thing I have found is that managers will sometimes view domain
> > specific knowledge negatively, because it is threatening to their
> > position.  Typically managers want highly technical people who are
> > just simply going to fulfill technical requests and don't have the
> > possibility of getting involved with the actual administration of the
> > particular business.
> >
> >> I think it will become a bubble, and a big one...
> >> The large, aging sectors of our society will create an increased demand for health services. (Also, seems
> >> like so many people of various ages have 2-3 prescriptions for misc things.)
> >
> >   so they say, but the problem is that the younger working people are
> > going to pay for it.  Health 'insurance' is not really insurance in
> > the classical sense, its a financial scheme that promotes the sale of
> > certain types of services, and allows for creative payment structures.
> >  Im not really sure why we have any more of an 'aging population' than
> > we have ever had( did the older generation have less kids? ).  It
> > always seems like healthcare hooplah to me.  Its not hard to figure
> > out why the Healthcare industry wants to promote this future of
> > millions of old people hooked up to expensive devices and taking
> > costly medications.  These are the types of issues that prohibit
> > national health care plans...  jmz
> >
> >
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change  you mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>


-- 

( 602 ) 490 8006
jjzeidner at gmail.com

More information about the PLUG-discuss mailing list