So far, a former student, a schoolchild, a teacher, an employer and a university representative have spoken about the problems of higher education (perhaps someone else will have spoken by the time this is published). But most of the articles talked about how difficult it is for a student to gain knowledge. Suppose the student did gain it one way or another, on his own or with the university's help. He graduated, and here the most interesting part begins. Was he being prepared for the right work? Does his set of skills match the requirements of a successful IT career?
My job requires me to speak to students and to established specialists (at universities and at conferences) and to take part in meetings with potential customers where the implementation of protection systems is discussed. Most of the people I meet are accomplished technical specialists, usually well versed in software (although, of course, there are all sorts). And yet there are constant complaints that they cannot push a project through, or that certain incidents occur in the company despite the protection in place.
Let's start with a dialogue with the business.
Are recent graduates ready to give a presentation to company directors or employees? Can they present the project's strong sides?
It turns out that at university the future system administrator learns the basics of working with software and hardware. But in most cases he takes a job where he is responsible for everything that happens in the company: procurement of anything and everything, participation in negotiations, advising management and defending before it the need for modernization and implementation. The work is largely that of a manager, a project manager. Is yesterday's student ready for the fact that he will be not only an administrator or a security officer, but also a manager? Perhaps even first and foremost a manager, one who organizes a wide range of IT-related activities?
The need for user training, the basics of teamwork, the basics of negotiation, and so on: do former students know any of this? Industry leaders say a lot about the country's need for legions of programmers. But for some reason it is very rarely said that all kinds of managers, project managers, are needed. Yes, of course, there are enough articles and books on this topic, but how much demand is there for it among those who study to be a programmer or a security specialist?
As a result, we get Yaroslavna's lament on the theme "business does not understand." Naturally it does not understand. It is being spoken to in a techie's bird language.
And here, perhaps, is the place for a quote:
Here is a hole, here is a hole, and here it’s just a hole; therefore, it is necessary to carry out regular pentests, hire a Red Team, buy a security scanner and a code analyzer, and, well, implement WAF with machine learning. At the same time, these reflections have nothing to do with security, oddly enough. There is no root cause analysis, which leads to bad consequences, which are plugged with various gags in the form of mindless use of best practices or the purchase of pentest and WAF.
I do not agree with the way the article I took the quote from pits security people against admins, but it characterizes the situation accurately. A typical example is a conference or a meeting with a client. The question is "Why does your company use an antivirus?". The answers range from "Are you kidding?" to a barrage of options. As the typical answers, take these:
- Because everyone does it;
- Because regulators require it.
As a rule, nobody gives the right answer.
Why did I give this example? A university must teach people to think. A graduate of an institute or university should not just apply a template, but understand why he is doing it this way and not otherwise.
Quote from one publication:
Yes, there (in the university) you can meet people ... and hang around for 5-6 years. That's all. It does not teach business ethics or networking ... It does not teach you to learn, because cramming is not the study of information. It does not teach you to look for information / to google
In practice, it would be fine that almost no one reads the standards and laws; the bad thing is that protective measures are carried out by template. Need virus protection? Install an antivirus! It missed something? Switch to its competitor! But why look far: calls like "and what are your system requirements?" are regular. Or take the days of the mass rush to protect PD: a flood of calls on the topic "Is your product certified to comply with 152-?".
Another problem is procedures. I often have to give introductory talks on security incident analysis. So, another typical example:
- Who in the audience has had cases of infection over the past year? (usually 30 percent)
- Are you ready for the fact that there will be attempts to infect you, including with malicious programs unknown to your protection system? (usually agreement)
- Does your duty shift / secretary know which number to call and what to do in case of infection?
Usually about two people in the audience have a procedure in place. Sometimes no one. That is, despite the promotion of all kinds of ITILs and the existence of excellent standards for incident analysis, procedures are not being set up. Problems are solved as they arise. Is that right? Hardly.
And finally, about universities and business. A lot is said about how business should help education. Very often, after a presentation, representatives of various universities come up to me, thank me for the interesting information and ask about the possibility of cooperation. What do you think: how many universities have raised this question themselves, without waiting for the vendor to ask, and how many of them did not disappear after the first letter?