securitywannabe: 10 myths of life in infosec

The SecurityWannabe has posted one of the better lists I’ve seen in some time: 10 Myths About Life As An IT Security Professional. Some I wanted to pull out:

4. You won’t learn as much as someone doing a “normal” IT job. Depending on your role in security, I find that we need to have some level of aptitude in everything IT, from scripting, to programming, to low level memory analysis, desktop troubleshooting, networking, packet analysis, web app coding and architecture, cc surveillance, wireless cracking, optimized scanning, manual scanning, and on and on. Even a jack-of-all-trades in an SMB may not know quite this much. And if we don’t know one of these topics, we know places and people to ask to get answers and self-teach.

5. Your friends will disown you – IT security is geek – but not “cool” geek. One of the best parts is being able to relate to non-geeks. For instance, my parents and I can talk to each other on their level about data theft and credit card fraud risk, or the concerns about adopting wireless in their home or at work. I can’t talk to them about coding kickass C# apps, the newest developments in virtualization, how sexy the latest big iron is, or the most recent Ubuntu release. I once even had a roommate who thought her boyfriend was looking at too much porn. And let’s just say he couldn’t do anything to stop me from keeping her well informed indeed.

An excellent list that I consider a must-read highlight so far this year.