Information Security News mailing list archives

Re: Believe it or not, there are hackers lurking everywhere


From: InfoSec News <isn () C4I ORG>
Date: Sat, 26 Aug 2000 14:31:58 -0500

Forwarded By: Mcaston <mcaston () insnet com>

[Last one on this topic I'm going to repost. -WK]

As a consultant I can't really take offense at an article/commentary
as sophomoric as this (Keong):

1.) Look at a Consultant's resume and Interview them...that's a given!
What about background checks and et al...let's put a little meat into
the recommendation!

2.) $100 per hour...maybe in the '70s.  Regardless, a consultant at
$40K per year billing $100 per hour would yield no more than 30%
profit on a 1600 hour year...as in 40-50K profit...ever heard
of benefits and overhead??

3.) What does open source software release have to do with hiring
consultants...it may or may not (tangentially) help with trouble
shooting, security, and upgrading certain platforms, but is
inconsequential when one considers the primary thrust of this
"article" is trusting Consulting firms (with "hackers") Vs.
Independents.

When talking about independents, why not talk about something
meaningful, like: PLI, Background checks, reference checks, educational
verification, Industry association, certifications (hardly a true
measure of skill, but they can't hurt.)

-----Original Message-----
From: ISN Mailing List [mailto:ISN () SECURITYFOCUS COM]On Behalf Of
InfoSec News
Sent: Thursday, August 24, 2000 1:51 PM
To: ISN () SECURITYFOCUS COM
Subject: Re: [ISN] Believe it or not, there are hackers lurking
everywhere


Forwarded By: Russell Coker <russell () coker com au>


On Wed, 23 Aug 2000, you wrote:
http://www.globetechnology.com/archive/gam/News/20000822/ROUTS.html

PERSONAL VIEW

"PALANTE"

Tuesday, August 22, 2000

Two things come to mind when reading Victor Keong's recent Personal
View (Don't Hire DefCon Hackers -- Aug. 8). First, the author's firm,
as reputable as it is, obviously has a financial interest in companies

[snip]

The real question is not whether a consulting firm has hackers,
crackers and black hats, but rather why a business should trust them?
The business should ask for resumes and look into the consultant's
reputation, but it shouldn't assume that the DefCon people it hears
about aren't the same people who work for respectable security
consulting companies.

I think that anyone who hires people from consulting companies should
always check the resumes of the people first.  If the people from the
consulting company are going to be working on-site then they should be
given an interview first in the same way that you interview someone
before hiring them.

ISN is hosted by SecurityFocus.com