On Sat, 07 Jan 2012 16:25:35 EST, Shyaam Sundhar said:
Although, once they have gained popularity and to a stage where a garage
office becomes a shop floor and a @home biz becomes a
rent-a-million$-building
office, it is time to shift priorities.
If finding people who are competent enough to secure a payroll system for a
company of 10 people is difficult, what makes you think that it's easy to
find
people who can secure the systems for a company of 1,000?
As Stratfor has demonstrated, the talent pool of *really* competent security
people is shallow enough that there's not even enough to secure the security
companies. And it's not just Stratfor - when was the last time this list
went a
week without mocking a security company for its lack of clue? It's an
industry-wide
problem - there's a *severe* shortage of experts.
And even though schools like DeVry and ITT are churning out lots of people
with
entry level certifications, I'm not at all sure that helps the situation -
we
end up with a lot of people who are entry level, and don't realize how much
they don't know. That makes them almost more dangerous than not having
anybody
at all. Sort of like if you walk alone through a scary part of town, you
actually stand a good chance because you *know* you're alone and will act
accordingly - but if you have a bodyguard with you, you're likely to act
differently, and end up totally screwed when you find out said bodyguard
has a
belt in martial arts, but zero experience in street fighting...
_______________________________________________
Full-Disclosure - We believe in it.
Charter:http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia -http://secunia.com/