Well after over a decade of learning and teaching on cypherpunks and
Perry's cryptography list, and before that comp.risks, reading
Cryptogram, scanning bugtraq until I got bored of yet another buffer
overflow or MS legacy hack, accumulating a row of crypto books, and zero
professional certs or classes, but interacting with a hardcore privacy
friend, I'm now employed as a security consultant at a Big Company, at
least for a month or two.
No govt clearances required, of course.

And let me tell you, things are really hilarious out there.  Eg the same
key in every machine everywhere, and in every driver.  And my future
boss proposing a million fixed keys to make it harder, where you send
the index.  A million times more hilarious.

One day interviewing, wearing a visitor badge, I hear two
building-security people
yell a building-access password to each other.  Furthermore its a lame
password.  My future boss was amused at that bit of accidental social
engineering and he pointed out that the security company manages several

other companies, so the regexp (based on the company name) used for this

building was probably extrapolatable to other companies.

Humans are such silly critters.

Anyway, to everyone who's contributed to my informal education, thanks.

I'm not going away, but neither will I have "Il dulce far niente"  (The
sweetness of doing nothing -S Schear's elegant unemployment motto)

Major Variola (ret)

Reply via email to