mailing list archives
Re: [Full-Disclosure] RE: [Full-Disclosure]Open the doors to hell hire a hicker Full-disclosure Posts
From: Kevin <KKadow () gmail com>
Date: Mon, 18 Oct 2004 17:38:18 -0500
On Mon, 18 Oct 2004 10:28:39 -0400, Clairmont, Jan M
<jan.m.clairmont () citigroup com> wrote:
Oh yeah and we can trust you bozos not to put in backdoors, sploits and other
great modes of entry yeah right. 8->, Hire the burgler to secure your home,
yeah right? Doh!
Just because J.Random Hacker starts out as an immature 17 year old
script kiddie breaking into random systems doesn't mean (assume he
avoids prison) he can't grow up to become a mature "security
professional" who knows how to follow a policy procedure, comply with
audit, and work a 9-to-5 job.
Scratch a thirty-something lead InfoSec consultant from any major
consulting firm (including the big four), and chances are you'll find
a "31337 Hax0r" from the 90's.
And this is excluding the obvious L0pht->@Stake->Symantec progression.
People mature over time, grow into a more "professional" attitude
without losing the inventiveness and insight that makes them
Sheessh what a stupid idea?
The whole point of hiring people who don't know much is that they follow
a policy procedure and comply with audit, I have yet to see a H&ck3r follow any
procedure. So how do you control anything such as policy etc, the wild west again?
You hire professional security people to maintain control, not chaos, and find methodologies
procedures and products that are the most effective, test, re-test, remediate, deploy and defend.
And that can be maintained and operated by ordinary computer folk, who want to do an honest days
work and collect their rightful pay, but maybe you never thought of that!
Sure, bean counters have their place too.
Full-Disclosure - We believe in it.