mailing list archives
Re: RE: In defense of non standard ports
From: "R. DuFresne" <dufresne () sysinfo com>
Date: Fri, 27 Jan 2006 17:06:35 -0500 (EST)
-----BEGIN PGP SIGNED MESSAGE-----
On Tue, 24 Jan 2006, Paul D. Robertson wrote:
On Tue, 24 Jan 2006, Tim Shea wrote:
I've been monitoring this discussion and I have issues with two
assumptions being made. The first is that all organizations have security
professionals with some pull with management. Politics plays a big part
Trust me, if your organization has security professionals, then they have
pull with management.
I had to stop here, for the term "security professionals" is a hard one to
define, does this imply certified persons? Also, working for a state gov,
I can state plainly, security professionals/certified persons means little
where I ern a paycheck, as they tend to have certs indeed, and yet lack a
skill tween the whole group of 10 or so, in fact we could hire monkeys to
accomplish the same "scan reports" that are the height of their abilities.
Now to the end of the statement, do they have pull with mgt? Well, they
are pulling in a far different diredtion the more they tend to ruffle
whole departments by crying wolf <sorry, no that trojan port your nessus
scan spotteed means less this month then it did last month you spewed it
up the mgt hill on our RACF mainframe, or sorry no your nessus skills are
not truely honed if you think pcanywhere is running on that solaris box>.
We have more personell that do not work with ISO with a clue towards
security in their prospective realm/OS/platform or on a whole then any of
the certified monkeys that ISO has hired to "secure" this state, and the
more pull with mgt thet have means the worse things get with each new
project rolled out...
admin & senior security consultant: sysinfo.com
Key fingerprint = 9401 4B13 B918 164C 647A E838 B2DF AFCC 94B0 6629
...We waste time looking for the perfect lover
instead of creating the perfect love.
-Tom Robbins <Still Life With Woodpecker>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
-----END PGP SIGNATURE-----
firewall-wizards mailing list
firewall-wizards () honor icsalabs com