I have added a link to my site, which was initiated by spoonfork. We are currently digging into Bro-NIDS, and you will find a lot of tips regarding Bro on the site. However, that's not the only purpose of the Malaysia Network Security Community Site; there are many things we would like to do, such as honeynet, security commentary, getting Malaysia security professionals together and so forth, but time is the limitation for both of us.

Anyway, if you have noticed, we have

- honeynet project

- raWPacket project

Both will host all the projects we are working on, such as HeX liveCD, honeynet, etc.

Maybe it's time to recruit new blood?

From my point of view, our country is still lacking real security professionals. On the other hand, computer security certification itself destroys the security industry by training a lot of junk and talk cockers, as long as you know how to pass the exam (not that you have the knowledge to pass the exam). The capability of a security professional can never be measured by how many related certifications you have, as this field requires a lot of study and has a steep learning curve, as well as requiring self-discipline.

I'm not anti-certification, but with the people I have met thus far, the quality is always not up to par with the title in the given certification, and it creates a fake reality and self-ego in the person himself/herself.

Those big companies are the helpers too; they will always recruit people with more certifications rather than fewer, and do we think more is always better? In this century, quantity seems to overtake quality. With this kind of undesirable trend, I have heard from some of my friends that they have to obtain related certifications in order to get employed, get better pay or even get promoted.

To whoever thinks I'm ranting now, I'm seriously not. Face it, this is the reality.

It's time to wake up .....

Anonymous said...

It has to be stressed, and even LPI says this, that certifications are only a measure of minimum skill sets. They do not replace the need for a proper interview and evaluation process.

Anonymous said...

How true it is. I have come across security professionals who only know how to use a particular product. Once I even heard one so-called professional say that he doesn't trust open source stuff.

As my friend used to say....God bless you lar!

GuTi said...

People like certificates, because a certificate makes them look like a professional! :p

Anonymous said...

That's a normal thing with companies nowadays. They see your results (CGPA) or else won't even give you a chance for an interview to see what you know and what you don't. People with better results are hired instead although they know nuts, coz they just memorize to pass exams and do well without knowing what they are memorizing. I've seen IT graduates who can't even format a PC properly and a lecturer with a Masters who doesn't know what remote login is, or telnet.

C.S.Lee said...

Thanks for the comment, though it won't change the scene ;P

Anonymous said...

Totally agreed with your observation man. IMHO, the main problem is we don't have much 'new blood' that is willing to learn the old school ways! Too lazy even to read how to become a 'hacker' ;-)
Yup, too many clueless people with certification, but I've also noticed some of the so-called 'hacker superstars' are also not up to par. That's more pathetic man. IMHO of course :-)
Btw great job on your blogs +

<~!@#> said...

It's a good idea if you write this stuff up for the mainstream media such as NST or STAR. Who knows, it might give them some ideas. Maybe the method of training security professionals should be changed from teaching them to depend 90% on security products to security process.

C.S.Lee said...

Hi yondie,

I don't know mainstream media.

And usually they fail to deliver .....