[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-Disclosure] Authorities eye MSBlaster suspect
- To: full-disclosure@lists.netsys.com
- Subject: Re: [Full-Disclosure] Authorities eye MSBlaster suspect
- From: Paul Schmehl <pauls@utdallas.edu>
- Date: Fri, 29 Aug 2003 20:21:44 -0500
--On Friday, August 29, 2003 7:13 PM -0400 Valdis.Kletnieks@vt.edu wrote:
>
> You're totally missing the point.
>
And this surprises you?
>
> If I'm doing security 30 hours a week, that's 30 hours a week I'm not
> available for other things.
>
[skip the long litany of *other* things you could be doing]
>
In case anybody thinks that Valdis is somehow bragging, forget it. The
many roles he is expected to fulfill are typical in a university
environment. There *is* no such thing as "an intrusion detection
specialist". Everyone in edu wears many hats - most of which are fulltime
jobs in their own right.
>
> And you can't weasel out by saying "Hire somebody else to do that other
> stuff" or "hire somebody else to do security" - the point is that if we
> did hire somebody else, then we'd only have 1 person of the 2 available
> for productive work. If we didn't have to keep spending resources on
> security, BOTH people would be available then.
That's won't stop anyone from trying though. They actually think
"security" is the stuff you *should* be doing, not helping your users be
more productive.
Paul Schmehl (pauls@utdallas.edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html