Information Security News mailing list archives

Previous By Date Next
Previous By Thread Next

Dirty IT jobs: Grime and punishment

From: InfoSec News <alerts () infosecnews org>
Date: Tue, 17 Apr 2012 01:59:04 -0500 (CDT)
https://www.infoworld.com/t/it-jobs/dirty-it-jobs-grime-and-punishment-190656

By Dan Tynan
InfoWorld
April 16, 2012

Dirty IT jobs don't always look so dirty at first glance.
Dressing up like Tom Cruise in "Mission: Impossible" and breaking into a secured facility sounds like a blast -- until you're trapped for two hours in the freezing rain waiting to be rescued. Think writing sexy games would be fun? Imagine poring over endless photo sets of explicit anatomical closeups.
Whether you're trying to squeeze big data into tiny spaces, moderate arguments between angry geeks, or hack code that's so old it qualifies for Social Security benefits, you're doing a dirty but necessary job.
This fifth installment in our Dirty Jobs series features tech jobs that can be physically challenging, mentally debilitating, or just plain irritating. Be thankful that these people are doing them -- otherwise, you might have to. 


Dirty IT job No. 1: B&E artist
Dressed in black camo, hiding in the woods in the dead of night on the edge of a Pennsylvania mountain; it's not your typical IT job.
But that's where Matt Neely found himself more than a year ago. As vice president of consulting for SecureState, an information security management consulting firm, Neely's job is to test the physical security of his firm's clients, which include large federal agencies, major retailers, energy plants, and even entire countries. Trained in the art of lockpicking by his previous employer (a bank), Neely uses his breaking-and-entering skills so that organizations can find holes in their perimeter and fill them.
On this cold December night, Neely and a colleague were asked to break into a mining facility just past midnight and steal "trophy data," while two other SecureState penetration testers social-engineered their way in via the front gate. The coal mine was concerned about environmental activists breaking in and tampering with its SCADA systems, causing the mine to shut down. They had good reason to worry.
According to Neely, the mine's external security was so porous that he and his partner were in and out in 10 minutes, or about two hours and 20 minutes less than he'd bargained for. The area around the mine was so remote there was no cellphone coverage, so he had no way to reach the other SecureState team. He and his partner had to hunker down for two hours in a freezing rain before they got picked up.
Roughly 75 percent of the time, Neely says he's able to break in to a facility without getting caught. On the other hand, he says his social-engineering comrades succeed about 90 percent of the time -- and when they fail it's usually because somebody got tipped off a test was coming. 

[...]


_______________________________________________
LayerOne Security Conference
May 26-27, Clarion Hotel, Anaheim, CA
http://www.layerone.org
Previous By Date Next
Previous By Thread Next

Current thread: