It is not about trusting them, it is putting together a made up organizational network including Physical, Technical and Administrative, provide them the information regarding the operating systems and application and have the different Online Security Services provide a report based on the information given and then rank them with the pro and cons and then sort by price and value add. Similiar to an IDS bakeoff, which is happenning more and more these days. Instead of signatue comparison, it is correct recommendation comparison. No tricks, no sleight of hand.. Just all out bakeoff. /m At 11:46 AM 8/23/00 -0400, Meritt, Jim wrote: >IF (a big "if"): >1. You can trust them with your entire being (say, you AREN'T "secure" and >they find out exactly how and where you are most vulnerable) >2. They are as good as you think. > >_______________________ >The opinions expressed above are my own. The facts simply are and belong to >none. >James W. Meritt, CISSP, CISA >Senior Secure Systems Engineer at Wang Government Services, Inc. > > > > -----Original Message----- > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] > > Sent: Wednesday, August 23, 2000 11:34 AM > > To: Meritt, Jim; [EMAIL PROTECTED] > > Subject: Re: hacker hiring (was RE: Online Security Services and > > Continous Risk Management > > > > > > Arggh, > > > > Are Online Security Services that charges lots of money really worth > > it? If anyone from the press is reading this thread. This > > would make for > > a great in-depth article. Similiar to a Firewall BakeOff. Ask those > > vendors who offer this kind of service to respond to a > > simulated RFP and > > simulated network profile and see what they come up with, and > > then rank them. > > > > This would satisfy my confusion. > > > > /cheers > > > > /mark > > > > At 09:19 AM 8/23/00 -0400, Meritt, Jim wrote: > > >Which leads almost immediately to the question "Do we hire > > 'hackers'?" The > > >answer in almost every case is "yes". Not all, but almost all. > > > > > >*sob* > > > > > >For my opinion, see: http://www.informationweek.com/780/80uwjm.htm > > > > > >Jim > > >_______________________ > > >The opinions expressed above are my own. The facts simply > > are and belong to > > >none. > > >James W. Meritt, CISSP, CISA > > >Senior Secure Systems Engineer at Wang Government Services, Inc. > > > > > > > > > > Date: Tue, 22 Aug 2000 13:35:42 EDT > > > > From: "J Weismann" <[EMAIL PROTECTED]> > > > > Subject: Re: Online Security Services and Continous Risk > > Management > > > > > > > > >[snip] > > > > > > > I am not saying my skills are > > > > subpar, or that > > > > I won't learn anything new, just that with so few people > > > > willing to jump > > > > into network monitoring and/or security, some companies > > will hire on > > > > whomever that can meet some of their critera. It truly is a > > > > buyers market > > > > out there for people who are hungry to learn. > > >- > > >[To unsubscribe, send mail to [EMAIL PROTECTED] with > > >"unsubscribe firewalls" in the body of the message.] > > - [To unsubscribe, send mail to [EMAIL PROTECTED] with "unsubscribe firewalls" in the body of the message.]
