On Mon, 18 Oct 2004 10:28:39 -0400, Clairmont, Jan M
<jan.m.clairmont_at_citigroup.com> wrote:
> Oh yeah and we can trust you bozos not to put in backdoors, sploits and other
> great modes of entry yeah right. 8->, Hire the burgler to secure your home,
> yeah right? Doh!
Just because J.Random Hacker starts out as an immature 17 year old
script kiddie breaking into random systems doesn't mean (assume he
avoids prison) he can't grow up to become a mature "security
professional" who knows how to follow a policy procedure, comply with
audit, and work a 9-to-5 job.
Scratch a thirty-something lead InfoSec consultant from any major
consulting firm (including the big four), and chances are you'll find
a "31337 Hax0r" from the 90's.
And this is excluding the obvious L0pht->@Stake->Symantec progression.
People mature over time, grow into a more "professional" attitude
without losing the inventiveness and insight that makes them
effective.
> Sheessh what a stupid idea?
>
> The whole point of hiring people who don't know much is that they follow
> a policy procedure and comply with audit, I have yet to see a H&ck3r follow any
> procedure. So how do you control anything such as policy etc, the wild west again?
> You hire professional security people to maintain control, not chaos, and find methodologies
> procedures and products that are the most effective, test, re-test, remediate, deploy and defend.
> And that can be maintained and operated by ordinary computer folk, who want to do an honest days
> work and collect their rightful pay, but maybe you never thought of that!
Sure, bean counters have their place too.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Received on Oct 18 2004
Intro
