Michael R. Farnum

Hitting the Security Nerve

The contrast between old school security and new school security

I've had a few thoughts and discussions about old security people vs. new security people and how each group brings strengths and weaknesses to the table. I have written that the older security generation needs to be sure to welcome the new generation instead of making them feel stupid. And I have written about the newer generation needing to respect and learn from the older generation. And with me somewhere in between the new and old, and from the aspect of me as a reseller, I often get the benefit of seeing both sides and how they think. But it is rare for me to see both sides at one time. Well, I got to see it recently during my evaluation install of a SIEM product at a client. I ran across an example from both sides in one place, and the contrast was amazing to see.

The difference between these two gentlemen was immediately apparent when we started going over the SIEM product. The product is fairly flashy (actually, it uses Flash for reporting), with a very nice front end and reporting module. It is not just flashy, though: it does a good job at gathering logs from multiple sources, and the correlation is pretty sweet. But the older analyst quickly scoffed at the SIEM, saying that flash is for management and is not useful for real security analysis. He preferred open source products, building his own products to collect logs, doing his own analysis of the logs, doing his own correlation of events, etc. He didn't trust some fancy SIEM product to do anything for him.

The other analyst was fairly new to security, though he has been around IT for a while. He defended the SIEM product quite a bit when it came to the front end. He was impressed by the flash, but his liking for the product was not derived from shallowness and ignorance. He realized the need for a good reporting module and dashboard that could give a good visual glance at what was going on instead of poring through tons of logs.

Now, don't mistake me and think that I am saying the old school way is not good. That older analyst had knowledge and experience that the new guy couldn't even begin to have. Really, I am not disparaging either viewpoint. Maybe the older guy simply is not as visual as the younger guy. But whatever the reason, I think the contrast is interesting.

Another thing that was interesting was that the older guy was actually won over after a while, and he admitted that the interface was "cool", which means that he saw some use in it after all.