Information Technology is a fast moving field, probably one of the most short-lived fields to be in from a continuing education perspective. This is why computer science and engineering education focuses so heavily on concepts and methodologies that stay valid even when the technology changes. I remember from years ago when I attended a forensic class that I was seriously annoyed at them teaching forensics based on FAT16, even though "everybody" was using NTFS by then. I sat through the class and it took a while until I realized that what they were teaching were the basic forensic moves of file system analysis that would remain unchanged, and in fact are still unchanged today.
A soggy weekend like this one, with the left-overs of hurricane Hanna drenching the east coast, is as good a time as any to brush up on some InfoSec skill that might come in handy in your day job. But with lots of things competing for our personal time nowadays, before you sink an hour or two into the latest white paper, ask yourself whether the paper will teach you a technique, concept or methodology of lasting value, or if it will teach you a short term or even vendor-centric tech hype.
As far as good reading goes, I actually like NIST special publications. I agree they are a bit dry and don't exactly make for entertaining reading, but hey, they are free, and especially when I'm reading a NIST paper on a topic that is outside my regular focus of work, I'm always left with a couple of concepts of lasting value. There are also many such nuggets available from the SANS reading room, though buried there between some not-so-exciting papers, and thus harder to find.
If, for your own continuing education, you make use of other free sources that teach long term InfoSec concepts rather than short term gimmicks, we would like to hear about them.
Sep 7th 2008
1 decade ago