Learn Concepts Not Tools

Last week, I attended a week-long TippingPoint (a network-based intrusion prevention system) training class for work.  Nothing particularly exciting, just your typical security vendor training.  What I did find interesting, was the class was comprised of 75% TippingPoint employees, training to be part of TippingPoint’s consulting and support teams.  One of them asked me, “Are you the TippingPoint guy at your company?”  Nope, I’m not, it’s just one of my responsibilities at work and that’s the way I like it.

It reminded me that it’s important to be a well rounded security practitioner and learn concepts rather than tools.  That means understanding how an intrusion prevention/detection system (IPS/IDS) works rather than specifically knowing only the buttons and switches for a TippingPoint device.  By understanding the concepts behind an IDS/IPS, a security practitioner can move from one vendor’s IDS/IPS system to another with ease.  If you’re just starting out in security, it’s critical that you absorb and understand as many concepts as possible rather than relying heavily on one specific tool.  Once you understand the concepts and the pains of doing something manually, you’ll be able to work in any environment, regardless of tool.

It’s why I like vendor agnostic classes (like SANS) that teach concepts like packet analysis and incident response techniques.  These are methodologies and strategies that can be applied in any environment no matter what tools you may have available.  Not to say things like TippingPoint aren’t useful, but it’s important to first understand what they’re trying to do and how they work so when you don’t have a TippingPoint, you’ll be resourceful enough to use something else in its place.

Related Posts

Elastic Explained: How To Create a Cluster with Docker Compose

Elastic Explained: How To Create a Cluster with Docker Compose

Overview In this guide we'll walkthrough setting up and running an externally accessible three-node Elastic cluster using Docker Compose on Ubuntu Linux 22.04 that's suitable for a home lab or developer / test environment. Our Elastic deployment will include the...

Zeekurity Zen – Part IX: How To Update Zeek

Zeekurity Zen – Part IX: How To Update Zeek

This is part of the Zeekurity Zen Zeries on building a Zeek (formerly Bro) network sensor. Overview In our Zeek journey thus far, we've: Set up Zeek to monitor some network traffic. Used Zeek Package Manager to install packages. Configured Zeek to send logs to Splunk...

Elastic Explained: How To Guides For The Elastic Stack

Elastic Explained: How To Guides For The Elastic Stack

Elastic develops the popular log analytics platform, the Elastic Stack, which supports a variety of search, observability, and security use cases through its many out of the box integrations.  It's a great platform for collecting, analyzing, and visualizing data from...

Transform Your Business & Operate at Peak Efficiency