It reminded me of Richard Bejtlich's statement that "prevention eventually fails". So do I go with Richard's outlook or Gregory's? Add in my own experience in the land of reality and I'll stick with Richard's. ;-)
On Mon, Dec 14, 2009 at 1:37 PM, Michael Douglas <[email protected]> wrote:
> That comment "you can't ever fail" is part of the reason this guy is
> such a jackhole. He's perpetuating very scary and damaging myths
> about infosec.
>
> -= Hey John Strand, your doctor told me to keep your blood from
> boiling over so you might want to skip until you hit the next comment
> marked like this =-
> <The text below is encrypted with non-john-strand crypto. As long as
> you're not John Strand this text appears like plain text... but it's
> not. We here at PaulDotCom have special tech that allows for strange
> things... in this case, John Strand will see nothing but gibberish, or
> perhaps an in-depth review of a death metal band. He's never really
> been clear about what he sees when presented with this sort of elite
> crypto.>
>
> Everyone makes mistakes. Systems fail, everything rots. Entropy will
> triumph in the end. It all gets back to the concept of failing
> gracefully. John's been harping this point over and over lately, and
> it's apparent that "teh bestest haxor evarz" has somehow missed out on
> these talks. It must be all the 15 minute training sessions. Those
> add up on your time. (/me rolls his eyes)
>
> DO NOT TELL JOHN THAT THE BEST HACKER ISN'T AWARE OF THIS. He might
> flip out and maybe do something strange... no stranger than what he
> normally does. Truth is, I don't like thinking about it. The longer
> you stare at the Abyss the longer it stares back at you. ;-)
>
> But you don't have to miss out like #1 super hacker has so far!
> http://www.irongeek.com/i.php?page=videos/the-internet-is-evil-john-strand
>
> -= John, you can return to the reading ;-) =-
>
> Security Consultants are NOT responsible for the security of a
> company. We're not. EVER! That belongs to management. Security
> programs that fail are ones where they forget our responsibilities.
> Our duties are to measure, report, and mitigate risks as directed to
> from management.
> Anytime we set ourselves out to do differently we're
> drifting to Evans' style and that's something we certainly want to
> discourage. Unless you want lumps of coal from Santa for some
> reason...
>
> - Mick
>
> On Mon, Dec 14, 2009 at 1:27 PM, Jason Wood <[email protected]> wrote:
> > I got a chuckle out of this line from the article.
> >
> > "Drawbacks: Talk about stress. If a system is infiltrated by a virus or
> > hacker, it could mean lights out for the security consultant's career. "This
> > is a job you can't afford to ever fail in," says Evans."
> >
> > What was funny to me was I remember a thread a while back where a lot of us
> > talked about getting into infosec **because** we got hacked. I suppose I
> > was just doing sysadmin work at the time, so you could point to that as a
> > reason why I've never had much career trouble. Still, I had to grin at it.
> >
> > Jason
> >
> > On Mon, Dec 14, 2009 at 9:06 AM, Soft Reset <[email protected]>
> > wrote:
> >>
> >> Hmmm...I'm going out on a limb here, but I'm not seeing why he *is* a
> >> fraud? I understand how this profile can portray us in a negative light as
> >> people who see *us* may think we were once on the black-hat side of things,
> >> but do you all think it's impossible for someone to switch to the white-side?
> >>
> >> Although to be honest, no, I wouldn't trust him. Convicted in 2002,
> >> served 16 months means he was *probably* still in jail or just out when he
> >> started his company in 2003. And "...that year, computer security stores
> >> contracted to sell his cyber security software." So, in less than a year of
> >> getting out of prison, he has a company and "computer security stores" sold
> >> his software? WTF???
> >>
> >> Ok, maybe I understand now...maybe it was just too early in the day.
> >>
> >> On Mon, Dec 14, 2009 at 4:21 AM, John Strand <[email protected]> wrote:
> >>>
> >>> Check it out:
> >>>
> >>> http://money.cnn.com/magazines/moneymag/bestjobs/2009/snapshots/8.html
> >>>
> >>> On the plus side. I think it is nice that we have some job security...
> >>>
> >>> On the downside.... Why did they have to go and find "The Worlds #1
> >>> Hacker?"
> >>>
> >>> Now anyone that wants to get into this field thinks that all they need
> >>> is a CISSP and to be an asshat.
> >>>
> >>> Wait..... That might be accurate.
> >>>
> >>> John Strand
> >>> CISSP, GCIH, GCFW, ' or 1=1; --, Asshat
> >>> _______________________________________________
> >>> Pauldotcom mailing list
> >>> [email protected]
> >>> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> >>> Main Web Site: http://pauldotcom.com
> >
> > --
> >
> > irc: Tadaka
> > Twitter: Jason_Wood
> > jwnetworkconsulting.com

--
irc: Tadaka
Twitter: Jason_Wood
jwnetworkconsulting.com
