Well this post may not garner me many points on anyone's list, but I think I'll state it anyway.

Most of the comments that have been posted that I read (I admit I stopped reading 5 to the end) seem to be basically either rah rah US or name calling without many facts to back it up. To be fair, here were a couple of people who shared what seemed to be personal experiences.

My thoughts on this haven't changed in the 12+ years I have worked in IT, with most of being in Security and Auditing. These are my thoughts and are not facts nor can they be proven or dis-proven.

1) We are descending in the US into a hole that this law seems to want to provide a bigger instrument to dig with. Our educational system is a joke (I went through it in the later 80's and there wasn't anything useful I learned there). I learned IT and Computer Security simply, I did it. No theory, No faux classes on how to program, I just did it and learned on the Job. But then I am the first generation in my family to make it to higher education as well as the first to be born in the US. I was taught that there was only one real way to learn and that was to actually do the work.

2) This law seems on the surface to be the typical cut off your nose to spite your face approach to security. I wouldn't be surprised if one of our Commercial IT Leaders (Microsoft, Oracle, etc..) helped the government think this up. It reeks of the stick head in sand and pray the bad stuff passes you over approach to Security. As others in this forum have stated there is no real qualification of 'qualifide applications' provisioned, only the statement that all non-US citizens will be 'banned'. This scares me in many ways. On is my above statement on my personal belief of Institutionalized learning, as well as my personal belief on the majority of 'certifications' that professional in the IT industry can achieve just based on Theory. I have had MCSE's, Novell CNE, and even a CISSP I have worked with that had never touched a computer in their life except to send emails on AOL (sie note they thought AOL was the internet), but were damn good in making people belive they knew what they weer talking about. To the point: Without qualifying the applicants (US or other) what is the point.

3) Anyone working on the Informational and Physical Security of the US and the infrastructure it is dependant on should have their backgrounds reamed and vetted regardless of nationality. As a Security Professional working with DOD and even some Govermental Contract firms this should be part of the 'price' to pay to be a part of making your country a better place.

As I stated before I started my rants, these are personal opinions and should not be taken as facts of any sort. I alos probably miss-spelled a lot of words int his rant, as my spelling is atrocious without spell checking to catch mistakes in my typing.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/articles/367/11872#11872