https://community.isc2.org/t5/Career-Discussions/Security-Engineering-Be-All-That-You-Can-Be/m-p/36167#M2617 <P><EM>"Security engineering isn't about adding a bunch of controls to something.&nbsp;It's about coming up with security properties you'd like a system to follow, choosing mechanisms that enforce these properties, and assuring yourself that your security properties hold"</EM> says Veeral Patel after giving up on reading Ross Anderson's quintessential <A href="https://www.cl.cam.ac.uk/~rja14/book.html" target="_blank" rel="noopener">book</A>.</P><P>&nbsp;</P><P><SPAN>So what he did was invent his own curriculum&nbsp;to study the discipline. Does what he have in his&nbsp;<A href="https://github.com/veeral-patel/learn-security-engineering" target="_blank" rel="noopener">GitHub repo</A>&nbsp;hit the mark? Sadly, NO. Why people continue to "publish" documentation in GitHub baffles me. It's for code people!&nbsp;</SPAN></P><P>&nbsp;</P><P><SPAN>Engineering is about process. You'll learn more by studying NIST SP 800-161<A href="https://doi.org/10.6028/NIST.SP.800-160v1" target="_blank" rel="noopener"> volume 1</A> and <A href="https://doi.org/10.6028/NIST.SP.800-160v2" target="_blank" rel="noopener">volume 2</A>. Become a Systems Security Engineer. Solve hard systems security engineering problems. Certify&nbsp;as an <A href="https://www.isc2.org/Certifications/CISSP-Concentrations" target="_blank" rel="noopener">CISSP-ISSEP</A>. Be All That You Can Be!</SPAN></P><P>&nbsp;</P><P><SPAN>Ps. we'll have to give him credit for digging up a link to the <A href="https://csrc.nist.gov/csrc/media/publications/conference-paper/1998/10/08/proceedings-of-the-21st-nissc-1998/documents/early-cs-papers/dod85.pdf" target="_blank" rel="noopener">Orange book</A>&nbsp;&nbsp;<IMG id="smileywink" class="emoticon emoticon-smileywink" src="https://community.isc2.org/i/smilies/16x16_smiley-wink.png" alt="Smiley Wink" title="Smiley Wink" /></SPAN></P><P>&nbsp;</P> Mon, 09 Oct 2023 09:32:41 GMT AppDefects 2023-10-09T09:32:41Z https://community.isc2.org/t5/Career-Discussions/Security-Engineering-Be-All-That-You-Can-Be/m-p/36167#M2617 <P><EM>"Security engineering isn't about adding a bunch of controls to something.&nbsp;It's about coming up with security properties you'd like a system to follow, choosing mechanisms that enforce these properties, and assuring yourself that your security properties hold"</EM> says Veeral Patel after giving up on reading Ross Anderson's quintessential <A href="https://www.cl.cam.ac.uk/~rja14/book.html" target="_blank" rel="noopener">book</A>.</P><P>&nbsp;</P><P><SPAN>So what he did was invent his own curriculum&nbsp;to study the discipline. Does what he have in his&nbsp;<A href="https://github.com/veeral-patel/learn-security-engineering" target="_blank" rel="noopener">GitHub repo</A>&nbsp;hit the mark? Sadly, NO. Why people continue to "publish" documentation in GitHub baffles me. It's for code people!&nbsp;</SPAN></P><P>&nbsp;</P><P><SPAN>Engineering is about process. You'll learn more by studying NIST SP 800-161<A href="https://doi.org/10.6028/NIST.SP.800-160v1" target="_blank" rel="noopener"> volume 1</A> and <A href="https://doi.org/10.6028/NIST.SP.800-160v2" target="_blank" rel="noopener">volume 2</A>. Become a Systems Security Engineer. Solve hard systems security engineering problems. Certify&nbsp;as an <A href="https://www.isc2.org/Certifications/CISSP-Concentrations" target="_blank" rel="noopener">CISSP-ISSEP</A>. Be All That You Can Be!</SPAN></P><P>&nbsp;</P><P><SPAN>Ps. we'll have to give him credit for digging up a link to the <A href="https://csrc.nist.gov/csrc/media/publications/conference-paper/1998/10/08/proceedings-of-the-21st-nissc-1998/documents/early-cs-papers/dod85.pdf" target="_blank" rel="noopener">Orange book</A>&nbsp;&nbsp;<IMG id="smileywink" class="emoticon emoticon-smileywink" src="https://community.isc2.org/i/smilies/16x16_smiley-wink.png" alt="Smiley Wink" title="Smiley Wink" /></SPAN></P><P>&nbsp;</P> Mon, 09 Oct 2023 09:32:41 GMT https://community.isc2.org/t5/Career-Discussions/Security-Engineering-Be-All-That-You-Can-Be/m-p/36167#M2617 AppDefects 2023-10-09T09:32:41Z