Tuesday, September 23, 2008


How many fingers are required to count the number of clueless IT Security Professionals?

Today, I figured I would analyze a most wonderful comment left by William Barr...

Mr. Barr stated: The more interesting question is whether the CISOs of many enterprises are aware that their staff isn't providing any value in helping protect the enterprise applications at which the vast majority of the IT budget is directed. Enterprises spend more on developing their own in-house applications than they do on Oracle, Microsoft, Sun and Cisco combined.
The concept of encouraging security professionals to attend OWASP and other free user groups, where application security concerns become visible, would be a great first start.
Actually, that isn't a bad idea. Most so-called security professionals nowadays are really practicing network hygiene, and while they pontificate about the need for holistic approaches to security that obviously include software development, they aren't practicing what they preach. Maybe the better answer is for IT security departments to harvest the best of the software development staff (you know, the ones who are disgusted with working with Indian outsourcing because they actually care about the quality of code and not just dates) and turn them into holistic IT security professionals...

