[VOIPSEC] Who the heck needs security anyway...
Ronald del Rosario
rrosario at five9.com
Mon Apr 19 17:59:48 BST 2010
Carlos,
I agree. However, in my humble opinion, I am seeing a couple of
improvements with this "old school" mentality on security versus
business requirements. Some of the driving factors are the young,
talented "hacker-minded" security professionals getting into the ranks
of the corporate world. I guess some of the credit goes to the new (and
exciting) school of thought out there. (Offensive Security, EC-Council,
Wireshark University, etc.) They definitely help in molding IT
person/network guys who are just used to being "Sys Admins" and "Cisco
Pros" to embed in their way of thinking the "hacker mentality".
I help contribute Evil User Stories in an Agile Software environment.
And yes, the "business" or functional requirements always take
precedence, but when I chip in and discuss with the group the latest
trends in exploitation and vulnerabilities, and demonstrate to them
how easily it can be accomplished by a script kiddie like me, the
senior guys are listening. Because they know that we, the younger
generation, are more into it and they respect us for that. We may not
have their vast amount of experience but what we offer to the table is
our energy and passion to learn how to penetrate applications and learn
from that so we know how to protect it.
It's up to us to convince and help the senior guys listen that
Hollywood-style security incidents do happen, in and out of the corporate
world.
Thanks.
Ron
----
They are right. The problem is that we rarely have anyone who
understands both security and business needs to put together sensible
rules. The geeks go with security at all costs, and the business people
find ways around it because it's too onerous.
--
Sent from my iPad
On Apr 14, 2010, at 11:41 AM, "J. Oquendo" <sil at infiltrated.net> wrote:
>
> Not VoIP related per-se ...
>
>
> http://www.boston.com/bostonglobe/ideas/articles/2010/04/11/please_do_not_change_your_password/
>
> --
>
> =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
> J. Oquendo
> SGFA, SGFE, C|EH, CNDA, CHFI, OSCP
>
> "It takes 20 years to build a reputation and five minutes to
> ruin it. If you think about that, you'll do things
> differently." - Warren Buffett
>
> 227C 5D35 7DCB 0893 95AA 4771 1DCE 1FD1 5CCD 6B5E
> http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x5CCD6B5E
>
>