[Full-Disclosure] Are PHC going to ultimately secure more work for "Security Consultants"?

From: James Martin (fulldisclose@uuuppz.com)
Date: 09/16/02


From: fulldisclose@uuuppz.com (James Martin)
Date: Mon, 16 Sep 2002 12:56:29 +0100


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I've been pondering the real effect PHC are going to have (if at
least
partially successful) on the "Security Industry". My conclusion is
that
ultimately they will help, not hinder the industry. I'd be interested
to
hear your comments on my argument.

What does the industry rely on to maintain a market? Fear. Fear of
breaches
of privacy. Fear of vandalism. Fear of embarrassment. Fear of loss of
productivity.

For a company to invest in maintaining security, they must be able to
justify their fears. As many of you know it can be very difficult to
convince those in suits that there's a real risk of being hacked. A
tangible
representation of the risk is often needed, rather than just
protecting
against an unknown enemy.

The spread of worms and viruses has had a very noticeable effect on
the
security policy in several companies to which I have involvement.
CodeRed
and Nimda are words known to many relatively untech-savvy managers,
they
instil fear. However it is still difficult to convince many that
there is a
real risk of non automated attacks on their systems (i.e. real people
hacking them, not a worm or virus). Part of the reason for this is
there is
no coherent focus on who these unknown enemies are.

If PHC et al succeed in building a name for themselves in the media,
they
will become to Al Quida of the security industry. Still very sketchy
in
detail, but a label for the risk. This in my opinion should prove a
powerful
weapon in the arsenal of those pushing for larger (or even some)
budgeted
capital for security related services.

Ultimately a threat is going to strengthen the industry not weaken
it. Keep
up the good work PHC, your securing the internet ;P.

Regards
James

Web: http://www.uuuppz.com
Email: me@uuuppz.com

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>

iQA/AwUBPYXG5vL9eRNyreu5EQKcmwCeMJL90UqqB0jXru9p8B81wXM95VgAn2xr
+f96Zs+LvLOqUOmRViFocIzp
=oFx7
-----END PGP SIGNATURE-----



Relevant Pages