How to get better security people
Sean Donelan
sean at donelan.com
Tue Mar 26 18:27:45 UTC 2002
On Tue, 26 Mar 2002, Avleen Vig wrote:
> On Tue, 26 Mar 2002, LeBlanc, Jason wrote:
> > On that note, Etrade laid off their entire net sec team a few months back.
> > I don't trade there no more. ;)
>
> Fewer and fewer companies are paying attention to network security with
> the right mindset. They all want people who have been in the field for
> 7-10+ years, with 10+ years of general systems admin skills.
I attended my first IETF meeting in 1991. There were 384 attendees.
There are very few people who really have 10+ years experience in this
industry.

If I was looking for top security talent, what would I ask for whether
I was hiring directly or outsourcing? Do I want a bunch of ex-military,
ex-law enforcement, ex-banker, lots of certifications (CISSP, GIAC) none
of which have existed for 10 years, published papers, can answer tricky
questions about checkpoint firewalls (why is a confusing firewall
configuration a good thing?), a college degree in crypto, big 5
accounting firm (or is that now big 4 accounting firm)?

The problem right now is if you advertise for a job, you will get
blasted with literally tens of thousands of resumes. What should I
be telling the HR department to look for?

Likewise, if I was going to outsource. What should I be looking for
in a security management provider?

The best information security person I've ever met/worked with/etc was
at Disney Imagineering. I've yet to find anyone at a security consulting
firm or other company that came close to matching him.