Open Source and information security mailing list archives
 
Date: Sat, 07 Jan 2012 17:03:09 -0600
From: Laurelai <laurelai@...echan.org>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: Fwd: Rate Stratfor's Incident Response

On 1/7/12 3:50 PM, Valdis.Kletnieks@...edu wrote:
> On Sat, 07 Jan 2012 16:25:35 EST, Shyaam Sundhar said:
>
>> Although, once they have gained popularity and to a stage where a garage
>> office becomes a shop floor and a @home biz becomes a rent-a-million$-building
>> office, it is time to shift priorities.
> If finding people who are competent enough to secure a payroll system for a
> company of 10 people is difficult, what makes you think that it's easy to find
> people who can secure the systems for a company of 1,000?
>
> As Stratfor has demonstrated, the talent pool of *really* competent security
> people is shallow enough that there's not even enough to secure the security
> companies. And it's not just Stratfor - when was the last time this list went a
> week without mocking a security company for its lack of clue?  It's an industry-wide
> problem - there's a *severe* shortage of experts.
>
> And even though schools like DeVry and ITT are churning out lots of people with
> entry level certifications, I'm not at all sure that helps the situation - we
> end up with a lot of people who are entry level, and don't realize how much
> they don't know. That makes them almost more dangerous than not having anybody
> at all. Sort of like if you walk alone through a scary part of town, you
> actually stand a good chance because you *know* you're alone and will act
> accordingly - but if you have a bodyguard with you, you're likely to act
> differently, and end up totally screwed when you find out said bodyguard has a
> belt in martial arts, but zero experience in street fighting...
>
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
Perhaps these companies should try to hire the kids owning them instead 
of crying to the feds.
