Agreed. In ICT/Security, I commonly encounter an attitude of 'technocracy' - in that skilled professionals look down upon and patronise the plain (relatively unskilled) user.
In business, this attitude is immensely counter-productive, as unless ICT/Security staff are approachable, they are not going to learn of day-to-day issues encountered by 'their' users. I am a strong believer in the 'support through training' ideal, as the users have to learn what it is they are either doing wrong, or just not in the 'right way' (such as checking a suspect mail from phishing attributes: incorrect URLS/suspect text, etc). These users cannot be expected to see through all the varied and nefarious ways malware can be presented, unless they are shown/trained how to do so. Not OT at all, imho. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of James Tucker Sent: 09 June 2005 22:01 To: Randall M Cc: [email protected] Subject: Re: [Full-disclosure] Off topic rant to my friends Quite right too, and IMO it is not completely off topic. I might point out that (certainly on windows platforms) teaching users the F1 key is also a damn good start, as the modern documentation is now quite mature. On 6/5/05, Randall M <[EMAIL PROTECTED]> wrote: > Sorry to rant to this list. This list though has the only people on it who > totally understand this ranting. > > Every morning before heading for work I read all my security alert emails > and website collections about possible Trojans, worms and viruses found. > Being a faithful worker I do this on the Weekends too. > > Once at work I check my web appliances, gateway, Exchange boxes and data > servers for dat updates and check log files. I spend the first two-three > hours of my work day doing this every day. > > Why do I do this? I do it to protect my company's investment. To ensure that > the employee's have a job that day. To make sure that customers will have on > time delivery and so new customers can make orders, etc., etc. > > Today I read this article: > http://www.eweek.com/article2/0,1759,1823633,00.asp?kc=EWRSS03129TX1K000 0614 > > For some reason, maybe the coffee, I sat there thinking what the hell am I > doing all this for? Am I being paid by my company to set up and protect only > for some future use as a botnet for some organized crime boss!! > > I continually spend time, money and research on ways to protect. All of my > mechanisms I use are actually as helpless as I am!! It's the blind leading > the blind!! > > Then, like a message from God, a memory of a phone call from one of our > users came to me: > > "Hey, I received this email about my account being suspended for security > reasons, I immediately deleted it but just wanted to let you know". > > My small employee awareness program was slowly paying off. A year ago that > same phone call would have been the "I think I did something bad" type. I > now realize that my investments and my time have been spent MORE in the > wrong place. I'm turning that around and heading back to the user. They are > MY PROACTIVE, PREEMPTIVE protection!! I am no longer depending on the > Anti-Virus dats or the front-end Appliances or the Gateways because a simple > "Click" by the user makes them all useless. And it looks as though I can't > depend on them to keep that "click" opportunity from the user. > > Praise be to God for the User! They are powerful! They are trainable! They > are my BEST defense! > > There. I fell better now. > > > thank you > Randall M > > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
