-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I'm of the opinion that the core question of this tread could be answered by looking at other industries. Specialization in any given industry is entirely driven by demand, and demand fluctuates easily to outside influence. In short from a survivability standpoint, there are more INFOSEC jobs then Penetration Testing Jobs, and there are certainly more Network Security jobs then Firewall jobs. If you hit a rough patch in your career I think you may want to have a resume handy showing how broad your skill set is. That said your specialization(s) are whats going to set you apart from other potential candidates.
Rather then a jack of all trades master of none, I strive to be a jack of most trades and master of a few. A specialist can certainly be a loose cannon when operating outside of his scope, no different from a generalist who's in over his head who risks overlooking critical details. As professionals we need to not only recognize our strengths and short comings, but also be willing to call upon assistance when needed. This is truly a separate topic worthy of further discussion. In my experience at two very large US telecommunication companies; I would say that a generalist may not be what HR was looking for, but its certainly what they needed. Large organizations suffer huge productivity losses due to over-specialization. I've spent far to many hours of my life on a conference bridge of 20-30 specialists that barely understand their role in a more involved incident response. Certainly having three different teams assigned to defining firewall policy, implementing firewall policy, and documenting firewall policy can quickly make the work environment less responsive and more bureaucratic. In summary I would argue in favor of the generalist who's chosen a specialty to devote 20-40% of his/her focus. When thinking of survivability you cannot afford to be short sighted, as your career develops you will likely become more responsible for broader areas of an organizations security. That said an experienced generalist will certainly be able to cover these areas more effectively. The is especially important should you develop managerial ambitions. I would certainly be afraid of a CISO that spent 20 years only doing client side anti-virus deployments. Allen DeRyke PS. I would try to remain somewhat vendor neutral regardless of your specialization, you may never need to know Juniper in a Cisco environment but when it comes to survivability you would certainly want to say “Yes, I know that” rather then “Well my thing is really $vendor, but they went out of business” On Sun, 16 Aug 2009 10:07:00 -0400 Raffi Jamgotchian <[email protected]> wrote: >That's precisely what's wrong about your argument. Your asumption >is >that the generalist doesn't have deep understanding in any >subject. > >A good generalist can do the work of many people. But the same >good >generalist needs to know when to call in for help. > >In my experience, present company excluded of course, specialists >that >are typically so narrow in thinking cause more issues than not. >Because they don't completely understand the affects on >surrounding >disciplines. > >---- >Raffi > >On Aug 16, 2009, at 8:49 AM, Shane Kelly <[email protected]> >wrote: > >> I think you are going to have incompetent people at either side >of the >> spectrum. >> You could argue that generalists are multi-handed specialists / >or >> that specialists do not have sufficient understanding of >surround >> areas. >> You could also argue that generalists do not have enough >technical >> understanding or patience to pursue a given specialism. >> >> It ultimately comes down to how must time and effort people are >> willing to invest in understanding their acclaimed subject. >IMHO, you >> can not encapsulate peoples skill level at a 100 foot view of >there >> depth into the subject. You need people in both sides of the >field. >> Generalists to have enough knowledge to understand where >organisations >> should focus efforts. >> Specialists to focus on that area and have deep technical >knowledge of >> that area to ensure a quality work is performed. >> >> In my view, generalists make good sales people, specialists get >> recognised in the security field for there technical >achievements. >> >> Shane >> >> >> 2009/8/16 Raffi Jamgotchian <[email protected]>: >>> Hear hear. Whether a generalist or a specialist, hubris will >bite >>> you. >>> >>> ---- >>> Raffi >>> >>> On Aug 15, 2009, at 10:35 PM, Michael Douglas ><[email protected]> >>> wrote: >>> >>>>> jack of all trades messed up the environment >>>> >>>> OK this is the one area where I wasn't too clear on the >earlier >>>> thread. I'm assuming that you are competent in everything >that you >>>> say you're going to do. Unfortunately, this isn't the case. >There >>>> are many Jerks of All Trades who will mess things up badly. >>>> >>>> >>>> For those who mentioned it above, yes being a generalist does >tend >>>> to >>>> get you in the small and medium sized businesses... but there >are >>>> exceptions... take my day job for instance. For those of you >who >>>> don't know, I work at OCLC -- a non-profit library coop. >We're what >>>> I'd consider large. We have over 72,000 libraries in our >>>> collective. >>>> We have a database with holdings information on about 1.2 >billion >>>> (yes >>>> billion) records (books and other stuff). We have a few >thousand >>>> servers... yet they hired me... A generalist! >>>> >>>> I'm a generalist... but a big part of my ability to get things > >>>> done is >>>> admitting what I don't know. For instance, a big part of my >skill >>>> with forensics is how I DON'T mess up data. If things get to >hairy >>>> for me, I can wrap things up and call in folks who are better >than >>>> me >>>> (and remember, there ALWAYS is someone better than you -- >thinking >>>> otherwise is the first step on the path to destruction) >>>> >>>> knowing when to sit down and hack or when to walk away is >probably >>>> the >>>> greatest skill anyone in computers can have! >>>> >>>> - Mick >>>> >>>> >>>> On Sat, Aug 15, 2009 at 2:42 PM, John >Navarro<[email protected]> >>>> wrote: >>>>> Good point Tim! >>>>> Robert, I do think that a "jack of all trades" type will fit >in >>>>> better to >>>>> smaller companies, whereas the specialized, from my >experience, >>>>> seem to have >>>>> a better chance at getting into larger corporations. It was >never >>>>> my >>>>> intention to be "specialized", but having worked at a >firewall >>>>> vendor it was >>>>> just easier to find those opportunities that required a >specific >>>>> skillset. >>>>> Of course it could be that the jack of all trades messed up >the >>>>> environment >>>>> and they needed someone specialized to come in and clean it >up ;) >>>>> >>>>> On Sat, Aug 15, 2009 at 8:16 AM, Tim Krabec ><[email protected]> >>>>> wrote: >>>>>> >>>>>> Don't forget your specialization does not have to be >computer/ >>>>>> program >>>>>> related >>>>>> >>>>>> You don't have to specialize in "forensic analysis of >devorak >>>>>> keyboards >>>>>> for AS/400 systems >>>>>> emulating Apple IIc systems" >>>>>> You could specialize in database recovery for small >businesses. >>>>>> Or BCP & >>>>>> DR for law offices or real estate companies. >>>>>> >>>>>> -- >>>>>> Tim Krabec >>>>>> Kracomp >>>>>> 772-597-2349 >>>>>> smbminute.com >>>>>> kracomp.blogspot.com >>>>>> www.kracomp.com >>>>>> >>>>>> _______________________________________________ >>>>>> Pauldotcom mailing list >>>>>> [email protected] >>>>>> http://mail.pauldotcom.com/cgi- >bin/mailman/listinfo/pauldotcom >>>>>> Main Web Site: http://pauldotcom.com >>>>> >>>>> >>>>> _______________________________________________ >>>>> Pauldotcom mailing list >>>>> [email protected] >>>>> http://mail.pauldotcom.com/cgi- >bin/mailman/listinfo/pauldotcom >>>>> Main Web Site: http://pauldotcom.com >>>>> >>>> _______________________________________________ >>>> Pauldotcom mailing list >>>> [email protected] >>>> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom >>>> Main Web Site: http://pauldotcom.com >>> _______________________________________________ >>> Pauldotcom mailing list >>> [email protected] >>> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom >>> Main Web Site: http://pauldotcom.com >>> >> _______________________________________________ >> Pauldotcom mailing list >> [email protected] >> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom >> Main Web Site: http://pauldotcom.com >_______________________________________________ >Pauldotcom mailing list >[email protected] >http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom >Main Web Site: http://pauldotcom.com -----BEGIN PGP SIGNATURE----- Charset: UTF8 Note: This signature can be verified at https://www.hushtools.com/verify Version: Hush 3.0 wpwEAQMCAAYFAkqILV4ACgkQDIjDYcBm5pbBtAQAnaBIgq4OsorqzzXTDO7p697T+yyN HvRdMkIwzow9JkQwgYyo8Ob8B7bpRVhLAhoIPqIvU88iyoMW41zTWKHdRqmyAI9pqUZQ v2lcagrg28NHIKCRNg06nrKcuA5y80gARxZg34+SfZBNBvenucqSGi59914mvMvUzdh6 lSV0BOc= =zZQp -----END PGP SIGNATURE----- _______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
