[unisog] Aw, doodoo. was: Re: REN-ISAC membership

Steve Smith steve.smith at gcmail.maricopa.edu
Fri Jul 4 00:59:48 GMT 2008


Howdy again, all

I need to apologize personally to Doug, and any other list members whom 
I may have slighted in my mini-tantrum.

As many times as I've warned people not to "email when angry", I should 
have known better. I did that, and the classic error of not reading the 
header before hitting 'send'. I assumed that I was participating in a 
private conversation rather than a list submission. D'oh.

I understand that developing a trusted network is extremely difficult. I 
really don't mean to undervalue the effort and personal time that Doug 
and others have put into developing the REN-ISAC infrastructure; if I 
didn't think that it was a valuable resource, it wouldn't torque me so 
much not to have it.

I hope you all have a great 4th, and a restful long weekend.

Steve

steve.smith at gcmail.maricopa.edu wrote:
> Doug,
> 
> Thanks for your quick reply, I appreciate it. REN-ISAC, and Educause in general
> are a sore subject with me at the moment. I've been denied funding for training
> or to attend Blackhat/Defcon since I'm "obviously" not making an effort to
> become involved with those fine organizations.
> 
> If you look back to the archives (Feb 20-ish 2008, for example) at previous
> discussions you'll invariably see advice from members to "go to an Educause
> event, chat with some people, and you'll get your two vouches!". 
> 
> Having previously held a Top Secret clearance from the Army and working at
> the same campus for 20 years doesn't make me "trusted", but some yahoo's
> snap judgement in a hallway apparently does. As I've mentioned in years past,
> "there's a problem there".
> 
> I do hope that change is in the works. I'd also point out, though, that you
> told me nearly the same thing last July, so I'm not holding my breath just
> yet.
> 
> Thanks,
> 
> Steve
>> -- Original Message --
>> Date: Thu, 03 Jul 2008 12:12:12 -0400
>> From: Doug Pearson <dodpears at indiana.edu>
>> To: UNIversity Security Operations Group <unisog at lists.dshield.org>
>> Subject: Re: [unisog] REN-ISAC membership
>> Reply-To: dodpears at indiana.edu,
>>        UNIversity Security Operations Group <unisog at lists.dshield.org>
>>
>>
>> Steve,
>>
>> We're on track to implement changes to the membership model this summer,
>>
>> but before I go into that, just to set the record straight, "exchanged 
>> business cards [...] outside a poster session" doesn't meet our 
>> expectation of the necessary knowledge and relationship that can lead to
>>
>> a vouch of personal trust - as required for membership.
>>
>> About the upcoming changes, I don't want to go into all the details just
>>
>> yet, we'll be talking it up officially very soon, but the essence is 
>> that there will be a tiered membership. At the first tier, a CIO or 
>> equivalent can point at a person who meets the job profile and say 
>> "that's my REN-ISAC 'General' member". The second tier ('XSec') requires
>>
>> expression of personal trust from existing members, similar to today. 
>> Information sharing will be conducted appropriate to the level of trust
> 
>> in each tier.
>>
>> Hope that helps. Expect to see much more on this very soon.
>>
>> Regards,
>>
>> Doug Pearson
>> Technical Director, REN-ISAC
>> http://www.ren-isac.net
>> 24x7 Watch Desk +1(317)278-6630
>>
>>
>> Steve Smith wrote:
>>> Howdy, all
>>>
>>> I haven't seen any mention on the list since February. I was wondering
>>> if there have been any updates on the membership ritual for REN-ISAC?
>>>
>>> I'd like to suggest that years of service as the person in charge of 
>>> security at an institution could better qualify one as "tightly-vetted"
>>> than having exchanged business cards with two people outside of a poster
>>> session, but there is obviously room for argument.
>>>
>>> --
>>> Steve Smith
>>> Information Security Administrator
>>> Glendale Community College, Maricopa Community College District
>>> Glendale, AZ. http://www.gccaz.edu
>>> _______________________________________________
>>> unisog mailing list
>>> unisog at lists.dshield.org
>>> https://lists.sans.org/mailman/listinfo/unisog
>> _______________________________________________
>> unisog mailing list
>> unisog at lists.dshield.org
>> https://lists.sans.org/mailman/listinfo/unisog
> 
> 
> 
> _______________________________________________
> unisog mailing list
> unisog at lists.dshield.org
> https://lists.sans.org/mailman/listinfo/unisog



More information about the unisog mailing list