Information Security News mailing list archives
Re: Believe it or not, there are hackers lurking everywhere
From: InfoSec News <isn () C4I ORG>
Date: Sat, 26 Aug 2000 14:31:58 -0500
Forwarded By: Mcaston <mcaston () insnet com> [Last one on this topic I'm going to repost. -WK] As a consultant I can't really take offense at an article/commentary as sophmoric as this (Keong): 1.) Look at a Consultant's resume and Interview them...that's a given! What about background checks and et al...let's put a little meat into the recomendation! 2.) $100 per hour...maybe in the '70's. Regardless, a consultant at $40K per year billing $100 per hour would yield no more than 30% percent profit on an 1600 Hour year...as in 40-50K profit...ever heard of benefits and overhead?? 3.) What does open source software release have to do with hiring consultants...it may or may not (tangentially) help with trouble shooting, security, and upgrading certain platforms, but is inconsequential when one considers the primary thrust of this "article" is trusting Consulting firms (with "hackers") Vs. Independents. When talking about independents, why not talk about somthing meaningful, like: PLI, Background checks, refernce checks, educational verification, Industry association, certifications (hardly a true measure of skill, but they can't hurt.) -----Original Message----- From: ISN Mailing List [mailto:ISN () SECURITYFOCUS COM]On Behalf Of InfoSec News Sent: Thursday, August 24, 2000 1:51 PM To: ISN () SECURITYFOCUS COM Subject: Re: [ISN] Believe it or not, there are hackers lurking everywhere Forwarded By: Russell Coker <russell () coker com au> On Wed, 23 Aug 2000, you wrote:
http://www.globetechnology.com/archive/gam/News/20000822/ROUTS.html PERSONAL VIEW "PALANTE" Tuesday, August 22, 2000 Two things come to mind when reading Victor Keong's recent Personal View (Don't Hire DefCon Hackers -- Aug. 8). First, the author's firm, as reputable as it is, obviously has a financial interest in companies
[snip]
The real question is not whether a consulting firm has hackers, crackers and black hats, but rather why a business should trust them? The business should ask for resumes and look into the consultant's reputation, but it shouldn't assume that the DefCon people it hears about aren't the same people who work for respectable security consulting companies.
I think that anyone who hires people from consulting companies should always check the resumes of the people first. If the people from the consulting company are going to be working on-site then they should be given an interview first in the same way that you interview someone before hiring them. ISN is hosted by SecurityFocus.com --- To unsubscribe email LISTSERV () SecurityFocus com with a message body of "SIGNOFF ISN".
Current thread:
- Believe it or not, there are hackers lurking everywhere InfoSec News (Aug 23)
- <Possible follow-ups>
- Re: Believe it or not, there are hackers lurking everywhere InfoSec News (Aug 25)
- Re: Believe it or not, there are hackers lurking everywhere InfoSec News (Aug 26)