what to learn

George Toft george at georgetoft.com
Mon Aug 26 08:34:03 MST 2013


To add to what Paul said . . .

What interests you?  I know many sysadmins that don't develop code; many 
developers that can't spell Linux (OK, they can, but they also think 777 
permissions fix everything, even access to data files).  I've even met 
SAs that couldn't script, but that limits their usefulness and shows a 
lack of motivation and curiosity - both highly desirable traits in the 
workplace.  IMHO, learn scripting not just to learn it, learn it to make 
your work more efficient.  If you can document some manual task, you can 
automate it.  Then you can run that automation on all the servers 
in your care and have time left over, which makes you efficient.  In a 
previous job, I had over twice the number of servers as anyone else on 
my team, and four times the company average because I documented and 
semi-automated the server build finishing process, and I automated the 
daily health check.  So all my servers were consistent (almost 
identical) and I was done with my daily routine by 10am.  This gave me 
time to help others, project work, find ways to improve processes, 
collateral duties and irritate management.

And then there's security . . . I got a phone call one day asking to 
speak to the head of IT Security.  I work at a large organization and 
quickly counted up 11 different security organizations - which one would 
you like to talk to?  Click. LOL.  We have network, application, 
infrastructure security organizations, and their operations, engineering 
and architectural groups.  And don't forget audit, compliance, and 
CISO.  Most people think network operations when they think of security, 
but there is so much more to it.  Looking at the 10 Domains of the CISSP 
(Certified Information System Security Professional) certification shows 
there is a lot to "IT Security."

So whereas I hate to see security last in your list (most companies put 
security last on their list, too), the reality is you need to have a 
solid foundation doing *something* before you go down that road.  
Understanding the fundamentals and history will help, like . . . why is 
there a shadow file?  . . . what is the directory sticky bit used for? . 
. . why isn't the classic File Security Packet suitable for some common 
security situations?  Why did the NSA develop SELinux, then absolutely 
fail at deploying THEIR OWN CREATION and allow Edward Snowden* 
inappropriate access to classified materials (hidden question is what 
does SELinux provide that would have prevented this situation; and the 
bonus question is prove my implied assertion false)?  If I were to point 
to one thing in security to pique your curiosity, I would suggest 
looking up the FBI Top Ten for Unix Security and understand how to find 
and fix those problems.  As you can tell by my questions, I'm not a 
developer, even though I was (a long time ago in a galaxy far, far 
away), and that's a whole different world, too.  If coding interests 
you, pursue certification in secure code development - that will help 
you in many ways.

* I hope you ratbastards at the NSA read this email and understand how 
you utterly failed in the most incompetent way.

Regards,

George Toft

On 8/23/2013 1:11 PM, Paul Mooring wrote:
> I think there's a bit of a misconception for how the industry works 
> that leads to questions like this.  Web design is really more of its 
> own thing centered around graphic design and css, although programs 
> *have* to know html these days.  Outside that it sounds like you are 
> getting ahead of yourself in terms of specialization, everyone doing 
> non-entry level IT work needs to know a bit of programming (you can 
> call it scripting if you like) and any non-entry level programmer 
> needs to know a bit about the systems they write code for (sys-admin 101).
>
> If what you're worried about is building up the knowledge needed for a 
> career, in my opinion the right approach is "what don't I know?"  If 
> you have never written any code before don't worry about learning web 
> development, go learn some basic scripting simple perl/ruby/python 
> scripts and the basics of writing code in general.  If you're 
> comfortable with that but you don't know how your OS works, go set up 
> a linux server or compile a kernel or whatever else interests you.  If 
> you already know all that dive into something deeper, pick up a new 
> programming language or run through linux from scratch.
>
> One more thought, I'm of the opinion you can't "learn security."
>  Securing a system is really more of a by-product of intrinsically 
> understanding that system and how it can be exploited.  That implies 
> that if you aren't already very competent writing code and 
> understanding system internals you can't be a useful security person 
> until you are.
>
>
> Paul Mooring
> Operations Engineer
> www.opscode.com
>
> ------------------------------------------------------------------------
> *From:* plug-discuss-bounces at lists.phxlinux.org 
> <plug-discuss-bounces at lists.phxlinux.org> on behalf of Michael Havens 
> <bmike1 at gmail.com>
> *Sent:* Friday, August 23, 2013 11:31 AM
> *To:* PLUG
> *Subject:* what to learn
> you know, I've asked the question about what to learn multiple times. 
> I think I've been asking the wrong question. The new incarnation of my 
> question is what do you think I should learn. Programming is one 
> option and web design is another. Is there another option I'm not 
> thinking  of? I guess security is a third. Any others? Things to 
> consider when answering that question would be what is needed? What is 
> the potential? What isn't being addressed.... things like that.
>
> I have more questions but I guess we should get that question out of 
> the way first.
> :-)~MIKE~(-: