There is indeed way too much in the way of ostentatious demonstrations of ego in almost any conflict based security related industry. Because it is in many ways a martial art, we see puerile re-enactments of this in the field of battle and in training areas everywhere.

One experience I had with that a few years ago was when a boss sporting a shiny new CISSP pin on his lapel who bragged to me and my assistant that he could break into any machine on any network. He also warned me to be careful because he had a black belt in kickboxing.

This is what happens when people lack character sufficient to impress their technical superiors, who would otherwise be happy to share their techniques.

Due to the system being a product of adversial conflict, (hacker's vs. defenders, or competitive contractors vs. each other) if you are not a potential ally, there is no tactical advantage to increasing an opponent's strength.

Instead, they do not realize they are being laughed at while they wallow in ignorance.

In the end, he was neither particularly technical nor athletic, but ironically, became the director of ITSEC's right hand person.

I guess it was a case of "those that can't do, preach."

I eventually quit employment at that place in disgust, and of course have had no contact with him since.

It's a good thing, because if he reads this, he might get mad enough to put down his cigarette, and beat me up wearing his CISSP pin and kickboxing belt.

:)

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/454/34742#34742