Computer security experts - lookin' for love in all the wrong places
From
Network World comes a perfect example of why traditional centralized management simply does not work:
Want a security pro? For starters, get politically incorrect and understand geek culture
While complaints can be heard far and wide that it's hard to find the right IT security experts to defend the nation's cyberspace, the real problem in hiring security professionals is the roadblocks put up by lawyers and human resources personnel and a complete lack of understanding of geek culture, says security consultant Winn Schwartau.
Take Janet Napolitano, U.S. secretary of the Department of Homeland Security, who has said the country can't find the right people for network defense. The real problem is a misunderstanding of computer geeks, their personalities, habits and their backgrounds, said Schwartau today during his talk at the Hacker Halted information security conference here.
According to Schwartau, there's a gauntlet of hiring obstacles today that actually work to discriminate against computer geeks who have the expertise to do the job of protecting government networks. Demands for college degrees and IT certifications and the ability to get IT security clearances should not be a priority in hiring, said Schwartau. "Forget education," he said, adding, "We need to re-design clearances -- they're a Cold War relic designed for nuclear secrets and 1950s crypto." The era of 9-to-5 is also over, he added.
He said what's holding up hiring IT security professionals can be found in the thinking of human resources departments that frown on conditions such as attention deficit disorder and autism, or obsessive-compulsive personalities which are typical of computer geeks willing to focus on an issue through the night. And although hiring rules in place tend to go the extra mile to accept alcoholism, the slightest type of illegal drug infraction makes it tough for job applicants. "We've got to start getting politically incorrect if we want to get the job done," said Schwartau.
An excellent analysis of the problem and its sources -- lawyers and human resources personnel should be the absolute last people involved in the decision-making process for hiring geeks. I would loathe working for Napolitano -- she is not smart, she was a competent bureaucrat who has now been promoted to her level of incompetency (
The Peter Principle).
The word "Hacker" has suffered a downward shift in its meaning. It used to (and still does in some circles) mean someone who likes to push boundaries but for the good -- someone who will hack into a system and then leave a small text file with their contact information in case the owner of the server wanted that particular security breach fixed... Not that I have ever done anything like that -- just sayin'
Posted by DaveH at October 29, 2012 9:14 PM