10 things I hate^H^H^H^Hlove about you

There has been a few posts of late with various “10 things” topics being thrown around. Most of the topics I pay attention to are of the “geek” variety even though there are many things I would consider myself, a geek not appearing in that list. But that’s a story for another day. What I am really trying to get at is my stab at the top ten “things to be thankful for in Information Security”. I haven’t seen one of these out yet so I thought I’d add my 0.02c worth..

So without any further ado.

the TOP 10 THINGS TO BE THANKFUL FOR IN INFORMATION SECURITY

(list not in order, i’m not that dumb)

nmap

Let’s be honest. We’re not supposed to tie ourselves down to one as was very well pointed out by Carlos Perez but let’s just be honest here. Nmap is the defacto standard for not just network sweeping, port scanning and banner grabbing but with the Nmap Scripting Engine there are so many more options available.

twitter

No, I’m not talking about the spate of Britney pwnage or that cat with more followers that Britney. I’m talking about getting near real time information about the latest and greatest from many sources around the globe. Just make sure your pooh filters are enabled as the signal/noise ratio is very dependent on the mood of the “Tweeple” (I loathe that word).

scripting language X

Do you think I’d be stupid enough to go down the python/lua/perl/ruby road ? But no matter what your poison, rest assured that the scripting language makes mince meat of those tedious tasks we do daily. But mostly you should all use Python because it rocks

s/vmware\ fusion/your vm_app\ of\ choice

I’ve gone the Vmware Fusion route simply because it out performs Parallels. At the end of the day it’s fantastic to be able to fire up an operating system and mess around with code/malcode/scripts knowing that if something goes horribly wrong you’re just a “Revert to Snapshot” away from being back in happy land.

scapy

Ok so I could have lumped this into “scripting language X” but that would be silly. When you need to create a custom packet or 10 (thousand) Scapy is your man (or woman). It’s easy to use and more versatile than that girl in Vegas that one time after Jeopardy…er..

rss

What better way is there to consolidate the many many news sources out there into a easy to sift through, organised chaos. “Knowledge is power (But only if you know how to acquire it).”

books

Yes, good, old school, murdering the trees books. I am sorry but I cannot for the life of me read a PDF of a 600+ page book on my PC. I have read more since starting my Information Security career than I have in my entire life. The difference between now and High School is that the topic is interesting and holds my attention more than the teacher with the low cut blouse..

the 15″ macbook pro

Ok so this is more for me personally than anything else. It seems that most of the people I know in Information Security have a shiny Apple under their arm. I’m lucky enough to have a 13″ MacBook Pro and I have to be honest and say that I can never go back to a normal PC. Just a pity about the price tag….

podcasts

Another tricky one. Yes this could have been put in with RSS feeds as a source of news but more of the podcasts I listen to are more than just a simple news feed. So Pauldotcom, ExoticLiability, Eurotrash Security, Network Security Blog, Securabit, Security Justice and DiscussIT thank you for doing what you do….

the human race

Without Joe Bloggs, Bob, Auntie Sue, Jeff from down the road or that guy that clicks on EVERYTHING, we would not have a job. No users doing dumb things (just getting through the day mostly) would mean no security holes for us tinker with..So, this last one is for you (who clicks links without checking), and you  (who writes “code” that’s secure and validated) and most of all you (who doesn’t bother to learn anything other than the blue E is for internet)