Sorry all. Site is down at the moment. Server crash. Shoemaker's children and all that. Expect a new one up soon.
Warm regards, Geoff Halprin On 25 Oct 2013, at 3:44, Will Dennis <[email protected]> wrote: Hmmm. the URL http://www.sysadmin.com.au/sa-bok.html does not seem to respond (interestingly, it does ping, but the rDNS is "mail.sysadmin.com.au".) Anybody with an alternate link out there? Love! This! Discussion! Agree with the NIST definition, and would LOVE to see LOPSA (and/or LISA) pursue this. Looking fwd to meeting everyone who is going to LISA this year, hopefully the conversation can continue there f2f. - Will From: [email protected] [mailto:[email protected]] On Behalf Of Hal Miller Sent: Thursday, October 24, 2013 12:25 PM To: [email protected] Cc: Lopsa Discussion Subject: Re: [lopsa-discuss] Dan Geer on the state of Professionalization in Cybersecurity Geoff Halprin put together a good body of knowledge some years ago. Don't know whether he's kept it up. Check out sysadmin.com.au and look for sa-bok (sysadmin body of knowledge). At the lesst, it was an excellent starting point for someone wanting to look into this now. On Thu, Oct 24, 2013 at 11:21 AM, Ski Kacoroski <[email protected]> wrote: I like this NIST paper definitions: http://csrc.nist.gov/nice/documents/a_historical_view_of_how_occupations_become_professions_100312_draft_nice_branded.pdf 'For the purposes of this paper, the operational definition of profession is "a profession is defined by: (1) a body of knowledge, (2) ethical guidelines, and (3) a professional organization with a growing set of published papers and best practices" (Cox, 2010, p. 7).' Using this definition, we have #2 and part of #3 (e.g. LOPSA and the USENIX short books and some vendor best practice documents). We are still missing an up-to-date body of knowledge that people can refer to and easily find. cheers, ski On 10/24/2013 09:09 AM, Joseph Kern wrote: From the paper[1]: "A useful, more comprehensive definition can be derived from suggestions by several speakers at the workshop convened by this committee. That definition identifies the following characteristics of a professional: (1) passing a knowledge and/or performance test, (2) superior completion of study of intellectual basis of the profession, (3) a sustained period of mentored experience/apprenticeship, (4) continuing education, (5) licensing by a formal authority, and (6) ethical standards of behavior with enforcement, including removal from the profession. A field that possesses all of these characteristics will almost certainly be recognized as a profession, but not all are required for a field to be recognized as a profession." Sysadmin meet the criteria of items 3 and 4, but those seem to be the least important of the 6 items, as many trades share the exact same criteria. [1]: http://www.nap.edu/openbook.php?record_id=18446&page=14 On Thu, Oct 24, 2013 at 7:22 PM, Carolyn Rowland <[email protected] <mailto:[email protected]>> wrote: Mark, What is your definition of profession? Carolyn On Thu, Oct 24, 2013 at 10:23 AM, M^2 <[email protected] <mailto:[email protected]>> wrote: It took me a long time to figure out that the referenced study/paper is not using the word profession in the way I would. They explicitly refer to a profession as meaning it has fixed certifying bodies like the AMA that serve as a guarantor of a certain body of knowledge, or some other explicit training/qualification, like a certified engineer. Given my widely aired views on the value of certification in general, my initial revulsion to the statement is softened. I believe that the paper in question is playing redefinition games, but keeping their redefinition in mind, it reduces my concern. It's a long essay that goes into many different areas. I won't comment on most of it for now at least, but it was an interesting read, even those parts I disagreed with. On Thu, Oct 24, 2013 at 9:42 AM, Joseph Kern <[email protected] <mailto:[email protected]>> wrote: /"As you know, I work the cybersecurity trade, and I am gratified that ten days ago the U.S. National Academy of Sciences, on behalf of the Department of Homeland Security, *concluded that cybersecurity should be seen as an occupation and not a profession because the rate of change is too great to consider professionalization.*"/ Dan Geer just gave an amazing keynote (that I am currently writing up a review for on my blog) and this quote stuck out at me as an interesting topic of discussion for LOPSA. Here is the text of the keynote: http://geer.tinho.net/geer.uncc.9x13.txt Here is the study cited: http://www.nap.edu/openbook.php?record_id=18446&page=R1 I don't think I've ever heard "rate of change" as being included in a definition of a Professional before. Does this argument carry any weight? I imagine Doctors and Lawyers experience a "rate of change" that is far lower than that of a Systems Administrator or a Security "Professional". -- Joseph A Kern [email protected] <mailto:[email protected]> _______________________________________________ Discuss mailing list [email protected] <mailto:[email protected]> https://lists.lopsa.org/cgi-bin/mailman/listinfo/discuss This list provided by the League of Professional System Administrators http://lopsa.org/ _______________________________________________ Discuss mailing list [email protected] <mailto:[email protected]> https://lists.lopsa.org/cgi-bin/mailman/listinfo/discuss This list provided by the League of Professional System Administrators http://lopsa.org/ -- Joseph A Kern [email protected] <mailto:[email protected]> _______________________________________________ Discuss mailing list [email protected] https://lists.lopsa.org/cgi-bin/mailman/listinfo/discuss This list provided by the League of Professional System Administrators http://lopsa.org/ -- "When we try to pick out anything by itself, we find it connected to the entire universe" John Muir Chris "Ski" Kacoroski, Director of LOPSA, [email protected], 206-501-9803 or ski98033 on most IM services _______________________________________________ Discuss mailing list [email protected] https://lists.lopsa.org/cgi-bin/mailman/listinfo/discuss This list provided by the League of Professional System Administrators http://lopsa.org/ _______________________________________________ Discuss mailing list [email protected] https://lists.lopsa.org/cgi-bin/mailman/listinfo/discuss This list provided by the League of Professional System Administrators http://lopsa.org/ _______________________________________________ Discuss mailing list [email protected] https://lists.lopsa.org/cgi-bin/mailman/listinfo/discuss This list provided by the League of Professional System Administrators http://lopsa.org/
