Re: Daemons on the Net

[William Knowles <wk () C4I ORG>]

Forwarded by: Russell Coker <russell () coker com au>

> I was at a conference recently talking with the CEO of a computer
> security company who emphatically stated "We don't hire hackers."
> Curious, I asked if she meant that her company doesn't hire people
> with criminal records. She clarified "We don't hire people who attend
> DefCon, have online handles or who participate in hacker forums. Or
> who hang around with hackers". In other words, they don't hire people
> who don't conform to mainstream. I wonder how they determine who
> associates with "undesirables"?

I think that Carole raises some very valid points.  However I
personally doubt that it'll have much of an impact on us (the security
people and net-admins who sometimes get called hackers). Administering
networks is something that I enjoy doing, and that pays well.  I
sometimes have managers comment on me being a "hacker" in a derisive
way, my usual response is to invite them to hire someone who is less
of a so-called "hacker" to replace me.  I know that I can get a new
contract 100 times more easily than any of my clients could replace
me.  I also know that if I found it difficult to get work doing
network administration because of a hacker witch-hunt then I could get
work that's almost as profitable and fun doing C++ or Java software
development.

If companies decide to not hire people like me then they won't be
hurting me or my friends.  They will only hurt themselves and people
unwise enough to own shares in them.

For the record, I enjoy hanging out with crackers (black hats) because
they are intelligent, knowledgable, and generally have similar
non-computer interests to me.  I wish that there were more such
people.  I have a number of "handles" that I use on occasion, but I'm
not one of those idiots who hang out on IRC.  I attend meetings of the
nature of DefCon, I would like to attend DefCon but the USA is
inconveniant so I don't visit that country more than once a year (and
other events in the US are more important at the moment).  But I have
a very clean record, not only do I not have a criminal record but I
have passed extensive background checks for developing software for
the gambling industry.

If my background isn't clean enough for you then hire someone else.
You will be the one who has to deal with security problems caused by
inept employees.


Russell Coker


> About the author
> ----------------
> Carole Fennelly is a partner in Wizard's Keys Corporation, a company
> specializing in computer security consulting. She has been a Unix
> system administrator for almost 20 years on various platforms, and
> provides security consultation to several financial institutions in
> the New York City area. She is also a regular columnist for SunWorld
> (http://www.sunworld.com). Visit her site (http://www.wkeys.com/) or
> reach her at carole.fennelly () sunworld com

ISN is sponsored by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of
"SIGNOFF ISN".