[unisog] REN-ISAC membership

Wes Young wcyoung at buffalo.edu
Fri Jul 4 02:29:39 GMT 2008

On Jul 3, 2008, at 2:51 PM, steve.smith at gcmail.maricopa.edu wrote:

> Doug,
> Thanks for your quick reply, I appreciate it. REN-ISAC, and Educause  
> in general
> are a sore subject with me at the moment. I've been denied funding  
> for training
> or to attend Blackhat/Defcon since I'm "obviously" not making an  
> effort to
> become involved with those fine organizations.
> If you look back to the archives (Feb 20-ish 2008, for example) at  
> previous
> discussions you'll invariably see advice from members to "go to an  
> Educause
> event, chat with some people, and you'll get your two vouches!".

> Having previously held a Top Secret clearance from the Army and  
> working at
> the same campus for 20 years doesn't make me "trusted", but some  
> yahoo's
> snap judgement in a hallway apparently does. As I've mentioned in  
> years past,
> "there's a problem there".

Going to Educause doesn't get you two vouches, it helps get you in  
touch with the .edu community. It's a pathway for building  
relationships. Relationships are _key_ here. Not to sound arrogant, I  
know people with clearance and that have experience, that doesn't mean  
I personally trust them, nor does it mean I would trust them with _my_  
institutions sensitive information. Trust communities are hard to  
build, a small crack in the trust can destroy the entire community.  
Personally, it took me a year or two of relationship development to  
build a circle of trust with my peers, attending conferences, working  
with others on forensic investigation via unisog, etc. It's a long and  
difficult process. With your 20 years experience I find it hard to  
believe you haven't build extended relationships within the university  

> I do hope that change is in the works. I'd also point out, though,  
> that you
> told me nearly the same thing last July, so I'm not holding my  
> breath just
> yet.

Comments like this are destructive and ignorant. The process is  
difficult and slow, most process development of this magnitude and  
complexity is... Just the nature of the beast. People are hard at work  
trying to fix some of these issues and I can imagine comments like  
this can be discouraging to their efforts. Someone with your  
experience should know that.
Wes Young
Network Security Analyst
CIT - University at Buffalo
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2444 bytes
Desc: not available
Url : http://lists.sans.org/pipermail/unisog/attachments/20080703/ed50b35b/attachment.bin 

More information about the unisog mailing list