
Comment: Re:Incompetent (Score 1) 220

by Dman33 (#35235766) Attached to: Anatomy of the HBGary Hack

Sure, the "we pay your ass, do it when I tell you to!" card is played all the time in corporate culture; however, a skilled and experienced security professional knows how to deal with that. It goes along the lines of "you pay me to do my job to the best of my ability, if you want a yes-man then fire me and hire an intern".

Corporate culture is not an excuse in infosec, especially for a security company. If corporate culture IS like that, then change the corporate culture. If you cannot or do not know how to change the culture, then don't get a job in a leadership position.

Why is this so hard??

Comment: Infragard is not nefarious (Score 2, Informative) 211

by Dman33 (#30726154) Attached to: The FBI Wants To Know About Your IT Skills

I am an Infragard member. I was working for a university research group and was required to join Infragard as a part of this research. I did not like the idea of being forced to join an organization I knew little to nothing about so I did research into the organization first. I read up on all of the conspiracy theories about Infragard and spoke with some members before joining.

The conspiracy theories link this organization to "big brother" programs that encourage people to spy on their neighbors. This is not actually the case with Infragard - as far as I can tell.

From what I can see, this organization is put into place for very good reasons. Look into the Russian action in Georgia last year - a large component of that military action was cyber-based. The Russians took over the Georgian infrastructure (electric, news and radio) far before tanks rolled into Georgian territory. If the US is ever attacked on a large scale, our infrastructure will be the first strike. Infragard allows a secured group of IT professionals to be "in the loop" on potential threats that cannot be made widely public yet. It also allows these professionals to collaborate on security issues in real time - as they happen.

Say a new worm was propagating across major infrastructure networks. An administrator at the water company finds evidence of this worm and sends a message to Infragard asking if anybody else has seen it. A person working at the electric company reads that message and notices that it matches something they are addressing as well. The issue may be quickly escalated and addressed appropriately. If these individuals had to deal with conventional reporting then the link between two critical infrastructure networks experiencing the same problem at the same time may be missed.

In my experience Infragard does not care a bit about individuals ripping a CD or something. This is about bridging the gap between law enforcement and IT professionals in order to minimize the time it takes to address a potential cyber threat on critical infrastructure.

Registering your IT skills with Infragard is optional, not mandatory. This is not as evil as it sounds and I see much more upside to this than downside.
