Re: [lopsa-discuss] Dan Geer on the state of Professionalization in Cybersecurity

[Will Dennis]

(CC'ing Matt since he's on vacation and want him to see this...)

OK, does the open BoF slot 9:30-10:30pm on Wed night (session after LOPSA 
Mentorship BoF in same room ) work for everyone? If not, pls suggest an 
alternate...

Thanks,
Will

From: Joseph Kern [mailto:joseph.a.k...@gmail.com]
Sent: Friday, October 25, 2013 2:15 AM
To: Will Dennis
Cc: Pamela Lynn Howell; discuss@lists.lopsa.org<mailto:discuss@lists.lopsa.org>
Subject: Re: [lopsa-discuss] Dan Geer on the state of Professionalization in 
Cybersecurity

Looks like we found our organizers! A discussion on what professionalization 
(the act of a person becoming professional) will look like for sysadmin?


On Fri, Oct 25, 2013 at 3:37 AM, Will Dennis 
<wden...@nec-labs.com<mailto:wden...@nec-labs.com>> wrote:
OK by me - hope we can get Matt to attend as well as everyone else who's 
interested...


-----Original Message-----
From: Pamela Lynn Howell [pamelahow...@gmail.com<mailto:pamelahow...@gmail.com>]
Sent: Thursday, October 24, 2013 06:17 PM Eastern Standard Time
To: Will Dennis
Cc: Discuss@lists.lopsa.org<mailto:Discuss@lists.lopsa.org>
Subject: Re: [lopsa-discuss] Dan Geer on the state of Professionalization in 
Cybersecurity

Will!

Let's wrangle a BoF on the topic at LISA! Sounds a lot like a previous thread 
started by Matt a few months ago,  too.

I want to work on putting this together, seriously.

---pam
On Oct 24, 2013 12:44 PM, "Will Dennis" 
<wden...@nec-labs.com<mailto:wden...@nec-labs.com>> wrote:
Hmmm. the URL http://www.sysadmin.com.au/sa-bok.html does not seem to respond 
(interestingly, it does ping, but the rDNS is 
"mail.sysadmin.com.au<http://mail.sysadmin.com.au>".) Anybody with an alternate 
link out there?

Love! This! Discussion! Agree with the NIST definition, and would LOVE to see 
LOPSA (and/or LISA) pursue this.

Looking fwd to meeting everyone who is going to LISA this year, hopefully the 
conversation can continue there f2f.

- Will


From: discuss-boun...@lists.lopsa.org<mailto:discuss-boun...@lists.lopsa.org> 
[mailto:discuss-boun...@lists.lopsa.org<mailto:discuss-boun...@lists.lopsa.org>]
 On Behalf Of Hal Miller
Sent: Thursday, October 24, 2013 12:25 PM
To: s...@lopsa.org<mailto:s...@lopsa.org>
Cc: Lopsa Discussion
Subject: Re: [lopsa-discuss] Dan Geer on the state of Professionalization in 
Cybersecurity

Geoff Halprin put together a good body of knowledge some years ago. Don't know 
whether he's kept it up. Check out sysadmin.com.au<http://sysadmin.com.au> and 
look for sa-bok (sysadmin body of knowledge). At the lesst, it was an excellent 
starting point for someone wanting to look into this now.

On Thu, Oct 24, 2013 at 11:21 AM, Ski Kacoroski 
<kacoro...@gmail.com<mailto:kacoro...@gmail.com>> wrote:
I like this NIST paper definitions:

http://csrc.nist.gov/nice/documents/a_historical_view_of_how_occupations_become_professions_100312_draft_nice_branded.pdf

'For the purposes of this paper, the operational definition of profession is "a 
profession is defined by: (1) a body of knowledge, (2) ethical guidelines, and 
(3) a professional organization with a growing set of published papers and best 
practices" (Cox, 2010, p. 7).'

Using this definition, we have #2 and part of #3 (e.g. LOPSA and the USENIX 
short books and some vendor best practice documents).  We are still missing an 
up-to-date body of knowledge that people can refer to and easily find.

cheers,

ski

On 10/24/2013 09:09 AM, Joseph Kern wrote:
 From the paper[1]:

"A useful, more comprehensive definition can be derived from suggestions
by several speakers at the workshop convened by this committee.

That definition identifies the following characteristics of a professional:

(1) passing a knowledge and/or performance test, (2) superior completion
of study of intellectual basis of the profession, (3) a sustained period
of mentored experience/apprenticeship, (4) continuing education, (5)
licensing by a formal authority, and (6) ethical standards of behavior
with enforcement, including removal from the profession.

A field that possesses all of these characteristics will almost
certainly be recognized as a profession, but not all are required for a
field to be recognized as a profession."


Sysadmin meet the criteria of items 3 and 4, but those seem to be the
least important of the 6 items, as many trades share the exact same
criteria.

[1]: http://www.nap.edu/openbook.php?record_id=18446&page=14


On Thu, Oct 24, 2013 at 7:22 PM, Carolyn Rowland 
<unpi...@gmail.com<mailto:unpi...@gmail.com>
<mailto:unpi...@gmail.com<mailto:unpi...@gmail.com>>> wrote:

    Mark,

    What is your definition of profession?

    Carolyn


    On Thu, Oct 24, 2013 at 10:23 AM, M^2 
<mark.mc...@gmail.com<mailto:mark.mc...@gmail.com>
    <mailto:mark.mc...@gmail.com<mailto:mark.mc...@gmail.com>>> wrote:

        It took me a long time to figure out that the referenced
        study/paper is not using the word profession in the way I would.
          They explicitly refer to a profession as meaning it has fixed
        certifying bodies like the AMA that serve as a guarantor of a
        certain body of knowledge, or some other explicit
        training/qualification, like a certified engineer.

        Given my widely aired views on the value of certification in
        general, my initial revulsion to the statement is softened.  I
        believe that the paper in question is playing redefinition
        games, but keeping their redefinition in mind, it reduces my
        concern.

        It's a long essay that goes into many different areas.   I won't
        comment on most of it for now at least, but it was an
        interesting read, even those parts I disagreed with.




        On Thu, Oct 24, 2013 at 9:42 AM, Joseph Kern
        <joseph.a.k...@gmail.com<mailto:joseph.a.k...@gmail.com> 
<mailto:joseph.a.k...@gmail.com<mailto:joseph.a.k...@gmail.com>>> wrote:

            /"As you know, I work the cybersecurity trade, and I am
            gratified that ten days ago the U.S. National Academy of
            Sciences, on behalf of the Department of Homeland Security,
            *concluded that cybersecurity should be seen as an
            occupation and not a profession because the rate of change
            is too great to consider professionalization.*"/


            Dan Geer just gave an amazing keynote (that I am currently
            writing up a review for on my blog) and this quote stuck out
            at me as an interesting topic of discussion for LOPSA.

            Here is the text of the keynote:
            http://geer.tinho.net/geer.uncc.9x13.txt
            Here is the study cited:
            http://www.nap.edu/openbook.php?record_id=18446&page=R1

            I don't think I've ever heard "rate of change" as being
            included in a definition of a Professional before. Does this
            argument carry any weight? I imagine Doctors and Lawyers
            experience a "rate of change" that is far lower than that of
            a Systems Administrator or a Security "Professional".

            --
            Joseph A Kern
            joseph.a.k...@gmail.com<mailto:joseph.a.k...@gmail.com> 
<mailto:joseph.a.k...@gmail.com<mailto:joseph.a.k...@gmail.com>>

            _______________________________________________
            Discuss mailing list
            Discuss@lists.lopsa.org<mailto:Discuss@lists.lopsa.org> 
<mailto:Discuss@lists.lopsa.org<mailto:Discuss@lists.lopsa.org>>
            https://lists.lopsa.org/cgi-bin/mailman/listinfo/discuss
            This list provided by the League of Professional System
            Administrators
            http://lopsa.org/



        _______________________________________________
        Discuss mailing list
        Discuss@lists.lopsa.org<mailto:Discuss@lists.lopsa.org> 
<mailto:Discuss@lists.lopsa.org<mailto:Discuss@lists.lopsa.org>>
        https://lists.lopsa.org/cgi-bin/mailman/listinfo/discuss
        This list provided by the League of Professional System
        Administrators
        http://lopsa.org/





--
Joseph A Kern
joseph.a.k...@gmail.com<mailto:joseph.a.k...@gmail.com> 
<mailto:joseph.a.k...@gmail.com<mailto:joseph.a.k...@gmail.com>>


_______________________________________________
Discuss mailing list
Discuss@lists.lopsa.org<mailto:Discuss@lists.lopsa.org>
https://lists.lopsa.org/cgi-bin/mailman/listinfo/discuss
This list provided by the League of Professional System Administrators
  http://lopsa.org/

--
"When we try to pick out anything by itself, we find it
 connected to the entire universe"            John Muir

Chris "Ski" Kacoroski, Director of LOPSA, s...@lopsa.org<mailto:s...@lopsa.org>,
206-501-9803<tel:206-501-9803> or ski98033 on most IM services
_______________________________________________
Discuss mailing list
Discuss@lists.lopsa.org<mailto:Discuss@lists.lopsa.org>
https://lists.lopsa.org/cgi-bin/mailman/listinfo/discuss
This list provided by the League of Professional System Administrators
http://lopsa.org/

_______________________________________________
Discuss mailing list
Discuss@lists.lopsa.org<mailto:Discuss@lists.lopsa.org>
https://lists.lopsa.org/cgi-bin/mailman/listinfo/discuss
This list provided by the League of Professional System Administrators
 http://lopsa.org/

_______________________________________________
Discuss mailing list
Discuss@lists.lopsa.org<mailto:Discuss@lists.lopsa.org>
https://lists.lopsa.org/cgi-bin/mailman/listinfo/discuss
This list provided by the League of Professional System Administrators
 http://lopsa.org/



--
Joseph A Kern
joseph.a.k...@gmail.com<mailto:joseph.a.k...@gmail.com>

_______________________________________________
Discuss mailing list
Discuss@lists.lopsa.org
https://lists.lopsa.org/cgi-bin/mailman/listinfo/discuss
This list provided by the League of Professional System Administrators
 http://lopsa.org/