Re: Security exec picked for board

[InfoSec News <isn () c4i org>]

Forwarded from: Ejovi Nuwere <ejovi () ejovi net>

Interesting comments. Please see mine below.

> Interesting that all "Security Expert"  believe that just because
> one is placed in a position of authority, or selected for
> responsibility that one must think and behave as they do.

Sorry, I don't understand what you mean.
 
> My concern is not where the individual cut his teeth but, what
> will that individual bring to the table.  When I hear the banter
> that is generated by, "security experts" regarding the lack of
> concern of AOL, or MS or even the repetitive US Government
> Receives Failing Grade In Information Security or labeling federal
> international statutes irrelevant cause they don't see it the way
> you do.  I see you whipping them but, I do not see you offering up
> your 100,000 plus consultant job to fix the problem.


I'll give up my job for a position that could affect government policy
in regards to IT or Security at the drop of a dime. Why must we
question the integrity of those who object to government choices? When
someone takes a public position in the government they open themselves
up to scrutiny. I find the questioning of a appointee's credibility
essential to the progression of government policy. Don't we question
the Presidents credentials and relationships with large corporations?

What if Larry Wall was appointed "Head of National Identification
Systems" would we not question this choice?

Like many people on this mailing list the appointment of a former
Microsoft executive to a government position effecting policy and
security worries me. Not only because of Microsoft's history in
regards to security but because he was an executive at the largest
software company in America. A company that spends untold amounts of
money on lobbying, a company entrenched in legal and anti-trust
battles with the government still to this day. Does no one else see
the conflict of interest here?

> My 25 Years of experience has shown me that money doesn't solve
> issues people do. As security experts we should be providing
> assistance and recommendations to those desiring to better our
> environment.  More productivity is wasted in whining than in any
> other arena.

There are people who currently provide such assistance, have you seen
http://www.anti-dmca.org ? Or perhaps EFF? I ask of you not to attack
those who speak out. What we need is for people to whine, kick, scream
and cry every time we see something wrong. It is our duty as members
in this community to do so. I may not have 25 years of experience, but
I've spent my entire career focused on IT Security, and most of my
life in local politics. And I know that its the voice of the people in
public forums that make change, forums like this. For this reason I
predict nonsense such as DMCA will be modified for the better of the
security community within the next five years. Because of public
"whining".


I may not be a CISSP but I can spot a possible vulnerability from a

mile away.

This new appointee may surprise us, he may do a great job, in which case 
he will have my fullest support. But now he must prove himself. Until 
then I'll remain skeptic.

Ejovi Nuwere
http://www.ejovi.net



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY
of the mail.