justfication

During my quarterly review, the boss asked me to send him information so the new position can be justified. He also warned me that he may be critical of my progress on the sguil boxen for each location during the time the auditors are here (maybe as early as next week), so we may get more justification to take JD off the help desk and slap-and-dash her into something less phone-bound.

I'm welcoming any and all comments on how to procede. I've got "Infosec Career Hacking" (don't look at me like that; it was a gift from a well-meaning person) at home, and I believe I glanced over a section of the book that dealt somewhat with that.

However, I don't speak Business, Management, Cost Effectiveness, or Six Sigma. And after this morning, I'm not sure I'm ready to be qualified as a security analyst of any type. Sure, I followed some formulae to build a firewall and Richard Bejtlich's scripts have taught me a lot about sguil, but...

It lives!

-or- "I left my sensor in Sunset Valley"

One of the goals of this work objective has been to get a working sguil sensor/database combo into position as a test box for Sunset Valley. That goal has been reached. The next one will go into St. Mary's. It's a bit of a drive, but at least I'll know it will have been installed correctly.

So far, so good. At least, on the work front, with the sguil boxen.

Mr. Bejtlich wrote an interesting blog post entitled "How Do You Fit Into the Security Community?" Although I left a quick and silly comment on the TaoSecurity blog, I guess the answer is, "I don't". I'm not really in a position of securing much at this point. I'm just a random human who sent a sguil sensor down to Sunset Valley. I read my company's IDS logs, and I've taken CEH training, but that does not make me a security analyst. I will be attending a technical college and taking two years of Computer Information Systems Security courses, but that still does not make me someone who fits into the security community.

My desire is to eventually learn enough to do something to help secure my company's resources. My goal is to learn every- and anything I can on the subject for as long as it interests me, which seems like it will be a very long time. I'm not sure how one would categorize that, and I'm not sure I want to. The first word that comes to mind is unsavory; who wants to be called a "wannabe" or a "poseur" for at least trying?