[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-users] Need advice on Colocating or Self Location
- Subject: Re: [cobalt-users] Need advice on Colocating or Self Location
- From: "E.B. Dreger" <eddy+public+spam@xxxxxxxxxxxxxxxxx>
- Date: Thu Mar 28 14:17:17 2002
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
> Date: Thu, 28 Mar 2002 12:01:36 -0800
> From: Jeff Lasman <jblists@xxxxxxxxxxxxx>
> > Another thing to consider: There are many competent, yet
> > unemployed, network gurus looking for jobs. (No, I am not one of
> > the unlucky unemployed.) You might be able to strike some
> > balance between hourly, retainer, salary, et cetera, and get
> > excellent service -- without hiring full-time people.
>
> Yes. But how do you find the right ones? Any suggestions?
See forwarded message below my spam trap. The poster was
referring to security, but it's along the right lines.
--
Eddy
Brotsman & Dreger, Inc. - EverQuick Internet Division
Phone: +1 (316) 794-8922 Wichita/(Inter)national
Phone: +1 (785) 865-5885 Lawrence
--
Date: Mon, 21 May 2001 11:23:58 +0000 (GMT)
From: A Trap <blacklist@xxxxxxxxx>
To: blacklist@xxxxxxxxx
Subject: Please ignore this portion of my mail signature.
These last few lines are a trap for address-harvesting spambots. Do NOT
send mail to <blacklist@xxxxxxxxx>, or you are likely to be blocked.
---------------------------------------------------------------------------
>From batsy@xxxxxxxxxx Thu Mar 28 20:51:00 2002
Date: Tue, 26 Mar 2002 14:50:02 -0500 (EST)
From: batz <batsy@xxxxxxxxxx>
To: Sean Donelan <sean@xxxxxxxxxxx>
Cc: Avleen Vig <lists-nanog@xxxxxxxxxxxxxxxx>, "LeBlanc, Jason" <Jml@xxxxxxxx>,
"nanog@xxxxxxxxx" <nanog@xxxxxxxxx>
Subject: RE: How to get better security people
On Tue, 26 Mar 2002, Sean Donelan wrote:
:If I was looking for top security talent, what would I ask for whether
:I was hiring directly or outsourcing? Do I want a bunch of ex-miltary,
:ex-law enforcement, ex-banker, lots of certifications (CISSP, GIAC) none
:of which have existed for 10 years, published papers, can answer tricky
:questions about checkpoint firewalls (why is a confusing firewall
:configuration a good thing?), a college degree in crypto, big 5
:accounting firm (or is that now big 4 accounting firm)?
I would ask for personal referrals. They are generally the only thing
worth counting.
The accounting firms have brand recognition, but the way the business
works, you are rolling dice the same way you would using a boutique.
Certifications are handy from a diligence perspective, but shouldn't
be a deal breaker. Product knowledge is handy, but doesn't demonstrate
expertise. Published papers will show expertise, but not indicate
reliability or business focus. Industry specific experience will
demonstrate business focus, but not neccesarily show clue. Academic
credentials will show persistance and some clue, but probably won't
ultimately help you sell more widgets.
:Likewise, if I was going to outsource. What should I be looking for
:in a security management provider?
Track record over the last 3 years, and personal referrals. This on
top of whatever criteria you have for requiring one in the first
place.
Brands mean very little in the face of a referral from someone
you trust, or have paid enough to trust. Services companies only real
asset is their staff, and many will debase their brand by diluting
their talent pool to deliver a more reliable recurring revenue stream
to investors.
This means fewer high clue people delivering complex but high return
services, and more middle to low end consultants delivering simple
managed services to a much broader customer base. Think of it as a
race to the bottom.
So, it depends on the solution you need. If you need enterprise network
architecture, customised IDS and incident response solultions, and
bleeding edge technology to defend your network against theoretical threats
and imagined hostile governments, find a geek-boutique of people
who speak at blackhat briefings, tell spook stories, and can show signifigant
contributions in openbsd change logs. I hear some will even throw in a tinfoil
hat, gratis.
If you need reasonably reliable, cost effective anti-virus, managed
IDS, and a checkmark or smiley face on your next audit, but aren't
terribly concerned about specific threats, read some Gartner Group
reports and pick one that seems reasonable.
I suppose this could just have been summed up by saying, get a personal
referral, as the industry hasn't been around long enough to really judge
from track records, who can provide the best service.
--
batz