
Comment Re:Incompetent (Score 1) 220

Sure, the "we pay your ass, do it when I tell you to!" card is played all the time in corporate culture; however, a skilled and experienced security professional knows how to deal with that. It goes along the lines of "you pay me to do my job to the best of my ability, if you want a yes-man then fire me and hire an intern".

Corporate culture is not an excuse in infosec, especially for a security company. If corporate culture IS like that, then change the corporate culture. If you cannot or do not know how to change the culture, then don't get a job in a leadership position.

Why is this so hard??

Comment Infragard is not nefarious (Score 2, Informative) 211

I am an Infragard member. I was working for a university research group and was required to join Infragard as a part of this research. I did not like the idea of being forced to join an organization I knew little to nothing about so I did research into the organization first. I read up on all of the conspiracy theories about Infragard and spoke with some members before joining.

The conspiracy theories link this organization to "big brother" programs that encourage people to spy on their neighbors. This is not actually the case with Infragard - as far as I can tell.

From what I can see, this organization is put into place for very good reasons. Look into the Russian action in Georgia last year - a large component of that military action was cyber-based. The Russians took over the Georgian infrastructure (electric, news and radio) far before tanks rolled into Georgian territory. If the US is ever attacked on a large scale, our infrastructure will be the first strike. Infragard allows a secured group of IT professionals to be "in the loop" on potential threats that cannot be made widely public yet. It also allows these professionals to collaborate on security issues in real time - as they happen.

Say a new worm was propagating across major infrastructure networks. An administrator at the water company finds evidence of this worm and sends a message to Infragard asking if anybody else has seen it. A person working at the electric company reads that message and notices that it matches something they are addressing as well. The issue may be quickly escalated and addressed appropriately. If these individuals had to deal with conventional reporting then the link between two critical infrastructure networks experiencing the same problem at the same time may be missed.

In my experience Infragard does not care a bit about individuals ripping a CD or something. This is about bridging the gap between law enforcement and IT professionals in order to minimize the time it takes to address a potential cyber threat on critical infrastructure.

Registering your IT skills with Infragard is optional, not mandatory. This is not as evil as it sounds and I see much more upside to this than downside.
