On Wed, 01 Oct 2008 08:59:16 PDT, Trevow Andrews said:
> No real research has even come out of Paul and Larry

And? So?

You *do* realize that "kick-ass researcher" doesn't directly imply "kick-ass teacher", right? Quite often, the best researchers make *really bad* teachers, because the same autism-spectrum and ADD issues that allow them to focus on things when researching mean they *suck* at presentations. If you've ever been to college, and gotten somebody who's got a zillion papers published, but the class sucks because they can't lecture well, you've seen this in action.

The second issue is that teaching chews incredible amounts of time, and directly impacts how much, if any, research you do - if you're on the road 3 weeks of the month teaching, I guarantee that you'll not get much done the other week. Sure, you may have spent 3 weeks teaching a *lot* of people a *lot* of material, and had them all actually remember it - but your research schedule takes a hit.

The third thing to keep in mind is that "bleeding edge" doesn't always (and in fact rarely, if ever) correspond to what's out in the real world. OK, so you're peeved because the guy talked about WRT54G and didn't cover Kamikazi. Have you bothered to actually *check* what the relative percentages *actually in use* are? Yeah, Kamikazi may be cool, shiny, and uber-leet - but if it's only got 5% market share and WRT54G has 95%, maybe he shouldn't be spending a lot of time covering Kamikazi.

Yes, SANS presentations often lag behind what's the cutting edge - but they're teaching people about stuff they're likely to actually encounter. When they send new cops to police school, they rarely spend lots of time on how to pull over a Ferrari, but they're hopefully going to learn a *lot* about all the little details of pulling over a pickup truck (where to look for stuff in "plain sight", where weapons may be stashed, etc). Why? Because they're going to be pulling over dozens of pickup trucks a week, and maybe *once* in their lifetime they're going to get to pull over a Ferrari.

You remember that big horrible DNS hole from a few weeks ago? How many have you seen in the wild so far? And how many systems have you seen that have actually gotten whacked with a 4-year-old SQL exploit? Yep, thought so.

(For all I know, these guys may indeed be sucky presenters *and* sucky researchers - but I'm getting tired of the meme that it has to be taught by a "leading researcher" for it to be of use - especially when you're trying to teach nuts-n-bolts security to Joe Corporate. And if you think it's that easy to teach - start doing it. Undercut SANS, charge only $1000 per head, teach a class of 20 a week. You're looking at $80K of income *a month*. Now ask yourself why there aren't *more* people doing it...)
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/