-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I'm always concerned by people hiring "hackers" as security experts,
simply because they are, or were, "hackers." I feel this is
equivalent to hiring a former arsonist to be fire chief, or a
hijacker to be an airport security inspector. Knowing how to find
one or two holes in a system and exploiting them does not necessarily
mean one knows how to harden and test a system, nor does breaking in
to many IIS 4.0 machines make one qualified to protect a corporate
network. My personal view is that having a "hacker" past should not
automatically disqualify a person from a position in information
security, but it should not make them a sure hire either. Of course,
since I don't do hiring, my opinion doesn't matter much in this
regard.
Randy Graham
- -----Original Message-----
From: Steven Pierce [SMTP:[EMAIL PROTECTED]]
Sent: Saturday, March 10, 2001 10:44 PM
To: Gaute Gullesen; mht
Cc: Frederick M Avolio; Hartley, Earl; Jose Nazario;
[EMAIL PROTECTED]; Crumrine, Gary L
Subject: Re: Re[2]: Licensing Information Security Professionals
story
I agree 100%. Who said that the information crime is something
that is dangerous? I have read more then one story that business
are hiring ex hackers for their business to help with security
issues.
Who better to know if there is a security hole, but for someone to
that has been in to play (Defeat) with them...
If they can pass a background, and the like I have no problem with
it.
Now they might have a little shorter leash then someone that has not
been convicted. That would also only be until they proved
themselves.
I could bet they would be a better employee then someone that has not
been into the system.
*********** REPLY SEPARATOR ***********
On 3/10/2001 at 13:56 Gaute Gullesen wrote:
>On Saturday, March 10, 2001, 3:56:31 AM, mht wrote:
>> Why would anyone want to hire someone who has actually been
>> convicted/charged with an Information Security crime. It seems if
>> they were smart enough to get caught they are truly not the best
>> security personnel out there. Even testifying in front of
>> Congress using one's hacker nom de plume doesn't help one's
>> career either, although there has been notable exceptions over
>> the last couple of years -:)
>
>i prefer judging people myself when it comes to who i'm gonna
>trust. giving your authorities that power is just scary!
>
>================================================================
> Gaute Gullesen <[EMAIL PROTECTED]> phone: +47 922 48 107
> Fingerprint: AF90 7B96 9835 AA26 4DCC D4F7 1B82 110C B5DF 00B1
> Support the antiSecurity movement!: http://anti.security.is/
>================================================================
>
>
>-
>[To unsubscribe, send mail to [EMAIL PROTECTED] with
>"unsubscribe firewalls" in the body of the message.]
- -
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Privacy 6.5.3
iQA/AwUBOqzpzvZOhQpA1TB+EQJXHwCfa9SNKvxno8/8NePFzwMB+Doc5kIAoKyb
+CmQxheYfopRzt7b4XoDHl4l
=LqnA
-----END PGP SIGNATURE-----
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
