Ouch! Let me quickly dispell any rumors here.....I don't know (or think I know) everything about security...not even close. As I mentioned in another response that you probably haven't seen...."Kevin does have valid observations. He is correct". My point wasn't to say that his observation was wrong but rather to question "should we be listening"...or maybe more appropriately "should we be listening blindly".

I just find it interesting that in THIS industry we seem to sweep this kind of thing under the rug. We actually listen to the advice of lawbreakers or people of questionable character but we don't do it anywhere else. Convicted murderers aren't on the FBI Murder units (whatever they're called) because "they 'understand' murderers", arsons aren't typically hired as Fire Chiefs because "they 'understand' fire better than anybody else", etc. Information security is not different. I'm sure that the arson really does have an excellent understanding of fire....its just that there is so much baggage that comes with it that it makes it impractical to hire him....despite his expertise.

I think the Kevin, and others like him, are probably far better at certain aspects of security than most of us are (myself included)...no doubt. I'd rather have a dozen guys working for me (or giving me advice like this) that are "not as good as Keven" but are trustworthy.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/articles/199/5491#5491