Comment I have worked with these sorts (Score 2) 65
In every single, and I mean without exception, every single consulting company that I worked for/with, the "security specialists" were full of shit assholes. The guys who were in charge of the actual network were very well trained and capable security people but they weren't marketing themselves as specialists. The security guys just spouted endless paranoia and blah blah'd about military grade security. Yet when put to a test, not a single one of them could exploit a Linux system that hadn't had an upgrade in a year.
What they didn't have in skill they made up in swagger and threats. If consultants in the company didn't submit their laptops to them for a security audit they got all shitty saying how our laziness would take down the company. So my solution was to hand them a laptop that I would get fresh from IT with nothing installed, no documents, and fully up to date. Then I would laugh at their report where they would say that I had all kinds of unencrypted documents and had installed insecure software on the laptop. Then when I showed this to upper management they got even angrier that I had wasted what otherwise would have been valuable billing hours, even though it was they who wanted to audit all the computers.
But the thing that finally broke their stranglehold over the company's management was when they bullied their way into a friend's project, devastating his budget after they convinced the client he was working for that his unaudited system would leave their company wide open. So he made a mirror image of their laptop from a backup, changed the background to a picture of two guys having sex with the company logo of the client on the face of the guy getting it and a picture of the security "expert" over the face of the guy giving it. Then on the way to the meeting he swapped laptops. Security expert was fired that day.