RE: Scandal: IT Security firm hires the author of Sasser worm

["Brad Griffin" <b.griffin () cqu edu au>]

-----Original Message-----
From: full-disclosure-admin () lists netsys com
[mailto:full-disclosure-admin () lists netsys com] On Behalf Of Nick
Jacobsen
Sent: Tuesday, September 21, 2004 12:11 AM
To: full-disclosure () lists netsys com
Subject: RE: [Full-disclosure] Scandal: IT Security firm hires the
author of Sasser worm

Does it not strike anyone that there is a disturbing trend in malicious
hackers (yes, yes, I know, they are not hackers if they are malicious,
so call em whatever you want) getting hired to security firms, mainly
because the "hacker" gets media attention?  It is honestly like we are
declaring to the world that the best way to get a good paying job in the
computer security field is to perform some major attack - and get caught
for it - and then after serving a short sentace, start applying for
jobs.

How many? Three that I have heard of now I think. That's hardly a trend
(and this is not a flame).

  I know lots of young people, myself included, that could make
headlines by performing some act or another of a sensational nature, and
all that stops us is our own sense of ethics - but those ethics get
harder and harder to hold as we earn a pittance doing your standard
boring days work, while some other guy is out there essentially (in my
mind) having fun doing some detrimental to society, and then getting
hired at a substantial salary, as a reward.
This may sound like a rant, and it probably is, but that makes my point
no less accurate.
Responses anyone?

I'd suggest that the companies doing the hiring may consider that these
people have skills directly relating to what they are doing. If the
person can or has demonstrated those skills, why not hire the person?
Saves shitloads of money interviewing potentials and/or training someone
else.


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html