I've been thinking back over where I have come from in the past few years. No doubt I have learned a lot. And I can apply some of that knowledge. But I was thinking today, does IT Sec training really prepare us for the challenges we face?
I am a CEH. I am supposed to know the tools, techniques, and tactics that a hacker uses to compromise a network. A year ago I would have told you that I probably had a good idea about something like that. But I am thinking, in an age of Advanced Persistent Threats, with "cyberwar" on the horizon, how has my training prepared me for that?
I know that an attacker will try to hide their location before they perpetrate their attack. From just general knowledge I know of some of the techniques, like Tor or tunneling. But none of my training mentioned this. Had I not tried Tor for myself, I would have no idea how it is used or its limitations. I've done a little research on how to tunnel traffic through Tor, but I don't think I could use it effectively.
I know that attacks are often traced back to perpetrators, possibly across the world, through multiple computer systems or networks, but I don't know how. It goes on through all the phases of the hacking process, I suppose. I know about trojans; maybe I can download one, run it through a program to change its signature (fuzzing, right?), but this knowledge comes in piecemeal, over time.
Honestly, I guess I'm a little frustrated. I know there are a lot of people with a lot more knowledge, skills, and experience than me. How does one get to that level? How do you get to that place where you can sit there and write a report where you can say, "this is what happened, and this is how they did it, and this is how you can prevent it"?
Am I alone in this?