Full Disclosure mailing list archives

Re: [SPAM] Re: [Full-Disclosure] Full-disclosure Posts
From: Hugo van der Kooij <hvdkooij () vanderkooij org>
Date: Mon, 18 Oct 2004 07:23:56 +0200 (CEST)

On Sun, 17 Oct 2004, yahoo () localhost wrote:

On Sat, 16 Oct 2004 19:13:18 -0700, Etaoin Shrdlu <shrdlu () deaddrop org> wrote:
Of course, anyone still using the term "hax0r" as though it were
meaningful might want to think further about what a "security
professional" might be

A security professional is someone who cares more about money than the
real issue of security at where they work. They don't go the extra
mile for the interests of security at where they work, as they don't
want to risk the job they're in.

My view is corporations should not employ uni graduates and
thirty-somethings to work in a security team. They very likely still
can't open a can of beans and certainly have no idea about the real
issues which face them. They follow company policy and go home at the
end of the day, and switch off.

The people who should be working at a security team should be
volunteers who have the real interests of the company in mind, instead
of money.

The security professional as we know it (uni graduate and 30
something) is not a hax0r, they are Ph.D or whatever who are skilled
on an academic level, and that's as far as it goes, which in my opinion
isn't far enough.

Being a security professional is meant to be about passion, strictly
not money, in my humble opinion.

Stop employing academics and get the hackers in to do the job
properly, unpaid of course, at least to start off with, to make sure
they're joining the company for the right reasons. ;-)

Companies do not care about security. The CEO only works with numbers. If
bad security loses 100k per month but tightening things up loses 105k per
month on productivity they take the 5k per month profit regardless of who
is doing security and leave it open.

It has very little to do with attitude on the security staff. If you want
to work corporate you need to understand corporate thinking.

Taking simple countermeasures to prevent damage from things like a
Slammer Worm are laughed at until they get hit and lose 2 days worth of
business. Then they start screaming to get it installed yesterday.

You do not have to like it but that is the sad state we are in.


        I hate duplicates. Just reply to the relevant mailinglist.
        hvdkooij () vanderkooij org             http://hvdkooij.xs4all.nl/
                Don't meddle in the affairs of magicians,
                for they are subtle and quick to anger.

Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
