North American Network Operators Group

RE: How to get better security people

  • From: Sean Donelan
  • Date: Tue Mar 26 13:30:09 2002

On Tue, 26 Mar 2002, Avleen Vig wrote:
> On Tue, 26 Mar 2002, LeBlanc, Jason wrote:
> > On that note, Etrade laid off their entire net sec team a few months back.
> > I don't trade there no more. ;)
>
> Fewer and fewer companies are paying attention to network security with
> the right mindset. They all want people who have been in the field for
> 7-10+ years, with 10+ years of general systems admin skills.

I attended my first IETF meeting in 1991.  There were 384 attendees.
There are very few people who really have 10+ years experience in this
industry.

If I was looking for top security talent, what would I ask for whether
I was hiring directly or outsourcing?  Do I want a bunch of ex-military,
ex-law enforcement, ex-banker, lots of certifications (CISSP, GIAC) none
of which have existed for 10 years, published papers, can answer tricky
questions about checkpoint firewalls (why is a confusing firewall
configuration a good thing?), a college degree in crypto, big 5
accounting firm (or is that now big 4 accounting firm)?

The problem right now is if you advertise for a job, you will get
blasted with literally tens of thousands of resumes.  What should I
be telling the HR department to look for?

Likewise, if I was going to outsource.  What should I be looking for
in a security management provider?

The best information security person I've ever met/worked with/etc was
at Disney Imagineering.  I've yet to find anyone at a security consulting
firm or other company that came close to matching him.