Shon Harris made a significant contribution to the field of information security, and many of those who hold the CISSP certification gained valuable help and support from her "All-in-One CISSP Study Guide." She certainly died too soon. But, well, ...
I never actually met Shon, but I always had a very interesting relationship with her books.
By the time I took my certification, I had already reviewed a substantial proportion of the source security literature. (It was, prior to the year 2000, much easier to read a substantial portion of the published source security literature. Whether or not it was prompted by the Y2K situation, around the year 2000 it became much easier to find security titles being published. Unfortunately, it was also true that a significant proportion of these newer titles didn't really contribute all that much to the field.) And then, once I had my certification, I started reviewing the CISSP study guides.
Shon's "All-in-One CISSP Study Guide" was, at least after Krutz and Vines' initial lock on the market, always one of the most popular, if not *the* most popular, study guide. So, when I reviewed her first edition, I was rather astounded to find out how much of it had been plagiarized.
Now, of course, all of the study guides are based on the common body of knowledge, and so all of the study guides are basically saying the same thing, although they may structure it in different ways. So it's not surprising that they all cover the same topics, and the same information. But I'm not talking about that kind of plagiarism.
Since I had reviewed so much of the source security literature, I immediately noticed that I recognized where Shon had taken *this* sentence from. This whole sentence. Wording and all. Letter perfect, copied from somebody else's book. As I read through the guide, it became somewhat hilarious how often I could identify, oh, I know who wrote this, originally. Oh, I know who she got this from. And not just individual or multiple sentences, but sometimes whole paragraphs. Sometimes entire *pages*.
Now, of course, if you have any kind of academic background, you know the old academic joke that if you steal from one person it's theft, and if you steal from two people it's plagiarism, and if you steal from three people it's research. So, I guess, no, Shon didn't plagiarize. She just "researched." Very, very precisely.
But, of course, having done the first edition, and getting a name for herself, Shon then went on to do other editions. And she didn't do as much, well, "research" in those subsequent editions. And she developed her own style. And, right from the get-go, Shon made sure that all of her material was quite readable. So it's no wonder that so many people found Shon's study guides so very helpful.
And Shon was very helpful in explaining things. She would diligently make sure that she explained any new concept that came up in information security. Even if she didn't understand the concept.
Over time, this became fairly significant to me, in facilitating the review seminars myself. More and more frequently, as time went on, candidates in the seminars would be asking questions about concepts that Shon had "explained." Even when she didn't understand the concepts. I would try to explain that Shon's study guide, while readable, was not always the absolute definition of integrity and truth. And then I would explain what the concept actually meant, or did, or required.
But this got to take up significant portions of time in the seminars. Eventually, the first time that somebody asked one of these questions, I would give a quick explanation of Shon, and her study guides, and then inform the class that, from that point on, I was going to refuse to answer any question that started out, "Shon Harris says ..."
Introduction and ToC: https://fibrecookery.blogspot.com/2023/10/mgg-introduction.html