Re: [Full-Disclosure] Authorities eye MSBlaster suspect

From: Paul Schmehl (pauls_at_utdallas.edu)
Date: 08/30/03

  • Next message: Richard M. Smith: "[Full-Disclosure] The Jeffrey Parson criminal complaint is online" 
    To: full-disclosure@lists.netsys.com
Date: Fri, 29 Aug 2003 20:21:44 -0500

    --On Friday, August 29, 2003 7:13 PM -0400 Valdis.Kletnieks@vt.edu wrote:
    >
    > You're totally missing the point.
    >
    And this surprises you?
    >
    > If I'm doing security 30 hours a week, that's 30 hours a week I'm not
    > available for other things.
    >
    [skip the long litany of *other* things you could be doing]
    >
    In case anybody thinks that Valdis is somehow bragging, forget it. The
    many roles he is expected to fulfill are typical in a university
    environment. There *is* no such thing as "an intrusion detection
    specialist". Everyone in edu wears many hats - most of which are fulltime
    jobs in their own right.
    >
    > And you can't weasel out by saying "Hire somebody else to do that other
    > stuff" or "hire somebody else to do security" - the point is that if we
    > did hire somebody else, then we'd only have 1 person of the 2 available
    > for productive work. If we didn't have to keep spending resources on
    > security, BOTH people would be available then.

    That's won't stop anyone from trying though. They actually think
    "security" is the stuff you *should* be doing, not helping your users be
    more productive.

    Paul Schmehl (pauls@utdallas.edu)
    Adjunct Information Security Officer
    The University of Texas at Dallas
    AVIEN Founding Member
    http://www.utdallas.edu

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html

  • Next message: Richard M. Smith: "[Full-Disclosure] The Jeffrey Parson criminal complaint is online"

    Relevant Pages