What makes for a good security blog? I was reading a comment from a well-respected industry name who states that much of the content on the web is either “technical and often incorrect” or of “no practical use to most of the business world who all use a computer on a daily basis.” See here for more details. It got me reading back through some of my recent entries and wondering which category they might fall into. My stated objective of this blog is to talk about issues and challenges that are relevant to my everyday work as a security professional within a large organisation, and one of the things I’ve learnt over the last couple of years is that while my technical skills are important, my soft skills are most critical to me being able to accomplish my goals in the office.
However, I don’t want to play down the importance of maintaining a good set of technical skills. Credibility within the organisation is important and when discussing security with technical people it’s important to know and understand the technologies, and to keep up to date with the industry. A good deal of my time is spent trawling through technical guides, installation guides, FAQs, knowledge bases, and various other sources of information, and if I still have time after all that I might have some left to mess around in my own test lab. The latest thing I’m looking at is CAS – Central Authentication Service. It’s an open source authentication system being assessed by various development groups that I work with. It’s fairly simple to implement and a great, scalable, cost-effective solution if you’re looking for a way to implement centralised authentication without spending a fortune on one of the big commercial enterprise solutions. I’ll probably talk more about this and other open source products at some time, maybe even on a technical but correct level!
So, back to my original point, let me know if you think this blog is useful or not or if you’d like me to go into more detail on particular subjects. I can always Google for the right answer! Only kidding… but it reminds me of a consultant I dealt with a few years ago who, on being asked if his company could provide a service to implement a certain vendor’s content management system, stated “sure, we don’t actually know that one but we can download the documentation and come on over to you…” Talk about money for old rope!