nanog mailing list archives
Re: How to get better security people
From: Roger Marquis <marquis () roble com>
Date: Wed, 27 Mar 2002 10:40:28 -0800 (PST)
"E.B. Dreger" <eddy+public+spam () noc everquick net> wrote:
Service patches were never applied. When some suspicious happenings left said server inoperable, they just installed Win2000 and went on, not caring what had happened or why. No, I was not the employee. A friend of mine worked there before getting fed up and quitting.
We see this a lot too. It is, IMHO, why good security people who are not in finance, defense or other security-conscious sectors tend to be consultants. Consultant or not IS security gurus are no different than other in-demand technical specialists. You have to 1) pay them appropriately, 2) have a decent working environment (no windowless cubicles, junk food cafeterias, inflexible hours, unskilled management, etc), and 3) provide constant training opportunities (conferences, classes, good assignments). Don't expect them to have programming degrees or be interested in coding. Those would be security developers as opposed to security analysts. Finally, NEVER ask a Unix literate engineer to use an MS Windows PC... -- Roger Marquis Roble Systems Consulting http://www.roble.com/
Current thread:
- Re: How to get better security people, (continued)
- Message not available
- Re: How to get better security people Kelly J. Cooper (Mar 29)
- Re: How to get better security people Sean Donelan (Mar 29)
- RE: How to get better security people Jim Popovitch (Mar 26)
- Re: FW: How to get better security people J.D. Falk (Mar 26)
- Re: How to get better security people Sean Donelan (Mar 29)