[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <137384.1325973033@turing-police.cc.vt.edu>
Date: Sat, 07 Jan 2012 16:50:33 -0500
From: Valdis.Kletnieks@...edu
To: Shyaam Sundhar <shyaam@...il.com>
Cc: full-disclosure <full-disclosure@...ts.grok.org.uk>
Subject: Re: Fwd: Rate Stratfor's Incident Response
On Sat, 07 Jan 2012 16:25:35 EST, Shyaam Sundhar said:
> Although, once they have gained popularity and to a stage where a garage
> office becomes a shop floor and a @home biz becomes a rent-a-million$-building
> office, it is time to shift priorities.
If finding people who are competent enough to secure a payroll system for a
company of 10 people is difficult, what makes you think that it's easy to find
people who can secure the systems for a company of 1,000?
As Stratfor has demonstrated, the talent pool of *really* competent security
people is shallow enough that there's not even enough to secure the security
companies. And it's not just Stratfor - when was the last time this list went a
week without mocking a security company for its lack of clue? It's an industry-wide
problem - there's a *severe* shortage of experts.
And even though schools like DeVry and ITT are churning out lots of people with
entry level certifications, I'm not at all sure that helps the situation - we
end up with a lot of people who are entry level, and don't realize how much
they don't know. That makes them almost more dangerous than not having anybody
at all. Sort of like if you walk alone through a scary part of town, you
actually stand a good chance because you *know* you're alone and will act
accordingly - but if you have a bodyguard with you, you're likely to act
differently, and end up totally screwed when you find out said bodyguard has a
belt in martial arts, but zero experience in street fighting...
Content of type "application/pgp-signature" skipped
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists