Home page logo

fulldisclosure logo Full Disclosure mailing list archives

RE: [Full-Disclosure] Full-disclosure Posts
From: "Todd Towles" <toddtowles () brookshires com>
Date: Sun, 17 Oct 2004 12:34:33 -0500

I agree with your idea, but I am one of those uni graduate/20 something
professionals. I am very passion about my work and the security of the
company I work for. I work in a rural state and the money isn't as high
as some other places. I took a pay cut to work in the IT field when I
finished college. 

Maybe you weren't talking about people like myself in your statement
(since most people that are part of FD are here to be on the edge of
security and around people that understand them) but it seemed like you
were talking in pretty general terms....with that in mind I have to
disagree with you that all the 20 something professionals are not good
security professionals. A lot of the older folks are sitting in the
corner talking about their 1980 modems, while some 15 year old from
south amercian uses a three year old exploit on their misconfigured
Apache webserver and defaces it.

I agree that you have to love computers...you have to eat and sleep
computers/security to be good in the field and a lot of people in the IT
field aren't like that. Kinda sad, but I will have their job one
day..so..I just smile.

-----Original Message-----
From: full-disclosure-admin () lists netsys com 
[mailto:full-disclosure-admin () lists netsys com] On Behalf Of 
yahoo () localhost
Sent: Sunday, October 17, 2004 7:58 AM
To: full-disclosure () lists netsys com
Subject: Re: [Full-Disclosure] Full-disclosure Posts

On Sat, 16 Oct 2004 19:13:18 -0700, Etaoin Shrdlu 
<shrdlu () deaddrop org> wrote:
Of course, anyone still using the term "hax0r" as though it were 
meaningful might want to think further about what a "security 
professional" might be

A security professional is someone who cares more about money 
than the real issue of security at where they work. They 
don't go the extra mile for the interests of security at 
where they work, as they don't want to risk the job they're in.

My view is corporations should not employ uni graduates and 
thirty-somethings to work in a security team. They very 
likely still can't open a can of beans and certainly have no 
idea about the real issues which face them. They follow 
company policy and go home at the end of the day, and switch off.

The people who should be working at a security team should be 
volunteers who have the real interests of the company in 
mind, instead of money.

The security professional as we know it (uni graduate and 30
something) is not a hax0r, they are ph.d or whatever who are 
skilled on an academic level, and thats as far as it goes, 
which in my opinion isn't far enough.

Being a security professional is ment to be about passion, 
strictly not money, in my humble opinion.

Stop employing academics and get the hackers in to do the job 
properly, unpaid of course, at least to start off with, to 
make sure they're joining the company for the right reasons. ;-)

Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]