Cost of failure * rate of failure = total cost of failure is actually detrimental to this approach, most notably because the rate of failure for an undiscovered/undisclosed security defect is quite small and yields a total cost of risk that is well within norms for most companies.
What you need to do is familiarize yourself with the upper management, specifically those through which you report up to the CEO, and understand the types of risk they deal with and – more importantly – the total costs of failure they find acceptable. Then, when approaching them – just by way of example - prepare a report which demonstrates this specific risk in terms they both understand and with a gravity that they appreciate. Never say “we could be hacked, it would be awful”, instead “when this defect is eventually discovered (include citations on the rate of remote network probes/scans), the resulting security breach will cost us $X to resolve, further (citations are handy) as this has been in the news lately, expect additional fallout in both news cycles and social media. Instead of facing $X in known risk, by investing $Y in prevention we can address this issue and improve (insert impact on project/product they are personally invested in).”
Lastly, never leave the rate of risk ambiguous – never leave it at “might, may, could or worse still, one in a million” – always represent those uncertainties with math: number of remote attack attempts over time. If your perimeter is anything like mine, it will be read by management as an eventual certainty and *not* like something that can be safely ignored as an unlikely “storm of the century” type event.
I thought so too, but it doesn't seem to make a darn bit of difference that I'm British and we (US/UK) have been allies for ages. I was almost not let back in the country the last time I left - I now won't leave the country as I'm not confident I'll be able to get back in. I'm obviously on the TSA's list for additional screening (I wasn't allowed through security on my last flight because I had printed out my boarding pass from United - as suggested by United in order to save time and I was required to have one issued by the airline on the day; missed my flight because of that).
I may as well be Chinese for all the difference it makes to the TSA and CBP.
When I was first out of college I got a contracting job working for the USAF. I'm a British national (born in England) and I am a legal US resident (green card). I was able to work on some pretty sensitive stuff that required everyone else to have a clearance (I worked on the roll-out of the "glass cockpits" - upgraded avionics - for McConnell AFB in the early 90's) even though I wasn't eligible for clearance. Nor was I eligible for working on this contract for the Air Force. My employer got around that requirement by subcontracting me several layers deep. The subcontracting went something like: USAF to his company to another company to him (as a third company) to me (as a fourth company) and finally to me as a 1099. As it was explained to me at the time, it was due to regulations in place with the military where contractors who were X many times removed from the primary contract were not required to have the same security clearance as the origin contract holder and/or that the origin contract holder wasn't required to review the status of those X times removed.
Either way the result was that I had no clearance and I was on a project where everyone else was required to have one. I'm sure there must be H1B contractors who are similarly working on some pretty sensitive stuff for the government.
Agreed. But with the vast, vaaast amount of douchebaggery out there, it's often quite difficult to avoid doing some level of business with them. Kinda hard to get by without using a bank.
Their (PP's) propensity for keeping their customers' money was the precise reason I stopped using them.
Agreed. However in many cases it is still possible to use PayPal on merchant accounts without having a PayPal account yourself. Whenever I need to use PayPal I always take that option. I pay with a CC as a "customer who doesn't have a PayPal account" (even though I technically have one). The CC I use (as peragrin noted above) is a simple prepaid card. I actually picked mine up at WalMart and I can refill it at the self checkout for $3. I usually leave a nominal balance on it (~40 USD) and then only pay onto it when I intend to purchase something online.
That prepaid card - which effectively insulates me from any problems associated with loss/theft (+/- ~$40) - is well worth the peace of mind that comes with it.
That and Brian is white, so that helps...
"Over specialize and you breed in weakness"
- Major Kusanagi Motoko
"Whoever without justifiable and excusable cause, assaults, resists, opposes, impedes, intimidates, or interferes with a law enforcement officer on account of, or while that law enforcement officer is engaged in the performance of his or her official duties shall be guilty of a misdemeanor" it elevates to a felony if it "causes significant bodily injury to the law enforcement officer, or commits a violent act that creates a grave risk of causing significant bodily injury to the officer"
That's a pretty broad set of actions one can commit and still constitute "assault", which is why it's often referred to as "contempt of cop". Technically, if a cop punches you in the face and cuts his hand on your teeth, you can be charged with felony assault. Hopefully that won't hold up, but as you said, if you assault an officer, you're guilty. Period.