Dailydave mailing list archives

Re: Job postings


From: Rodney Thayer <rodney () canola-jones com>
Date: Thu, 18 Mar 2004 15:05:51 -0800

At 04:43 PM 3/18/2004 -0500, Dave Aitel wrote:

> I think it's interesting that security is viewed as a strategic move
> by Microsoft.

Is it?  I thought it was a bald-faced reaction to the fact their
security sloppiness has finally threatened the bottom line.

> I've always felt that people using it as a tactical
> "cost-benefit" analysis were missing a lot.

That's three different things.

It's TACTICAL if you use it as a tactic.  People who do knee-jerk
purchases of pen tests are not acting in a tactical manner.

It's a cost-benefit thing if you convince your beancounters it'll
cost less to be secure than to clean up.  I find that to be rare.
I do see people starting to notice that buying a firewall and pointing
the syslog server somewhere other than the garbage can is a fine
thing to do when the CFO is stomping through the halls shouting
Sarbanes-Oxley Compliance or we're all dead!


> Getting a strategic
> visibility on information security is something most organizations
> cannot do,

Totally agree here.

> and something you see a lot of IDS vendors struggling to
> market

Disagree.  This is the same old rut we've been in since Gartner's Whorehouse
(oops - did I say that?) declared IDS' dead because someone paid them
to say that.

IDS are NOT like car alarms (i.e. they go off, nobody cares). They are
like smoke detectors.  Smoke detectors have two sales cycles:

  shitty, most of the time

  terribly popular, the day after you see on the evening news that some
  home burned down with three little kids sleeping inside, and no smoke detectors.

Oh, and by the way, I always assumed that other people on this list have a long
trail of friends who've travelled to Redmond to interview for security positions,
only to return and tell us all how insulting it is to be told by some old fart
who's been working on Microsoft Word since it was implemented with Goose Feather
Quills that "they don't have a security problem".  I know of about 1/2 dozen
who've been flown to Redmond to be insulted over the last year.
