Re: How to get better security people
"E.B. Dreger" <eddy+public+spam@noc.everquick.net> wrote:
Service patches were never applied. When some suspicious happenings left said server inoperable, they just installed Win2000 and went on, not caring what had happened or why.
No, I was not the employee. A friend of mine worked there before getting fed up and quitting.
We see this a lot too. It is, IMHO, why good security people who are not in finance, defense or other security-conscious sectors tend to be consultants. Consultant or not IS security gurus are no different than other in-demand technical specialists. You have to 1) pay them appropriately, 2) have a decent working environment (no windowless cubicles, junk food cafeterias, inflexible hours, unskilled management, etc), and 3) provide constant training opportunities (conferences, classes, good assignments). Don't expect them to have programming degrees or be interested in coding. Those would be security developers as opposed to security analysts. Finally, NEVER ask a Unix literate engineer to use an MS Windows PC... -- Roger Marquis Roble Systems Consulting http://www.roble.com/
participants (1)
-
Roger Marquis