On Fri, 18 Feb 2000, Merton Campbell Crockett wrote:
> On Fri, 18 Feb 2000, jeff andrews wrote:
>
> > So if you had three candidates for hire:
> > 1) Jack Smith, Security Professional, CISSP certified.
> > 2) John Smith, ex-hacker turned security expert
> > 3) Dr. Chaos, gray hat hacker in hacker group Anarchy4Life Club
>
> 4) Jim Smith, Security Professional
>
> Number 1 doesn't know jack and advertises the fact. Over the past year, I
> have had to interview a number of people for various positions and have
> reached the conclusion that "<your-favorite-initials> certified" has to be
> treated as a red warning flag.
Ahh, much like "Mirosoft Certified Some Experience. "
Certification, with the exception of Cisco's excellent Certification (and
hands on testing) usually indicates there isn't much there, and business
love to hire based on silly little initials.
I'd higher the hacker, but I'd hire someone else to watch him. Also,
offering him enough money so he doesn't fuck around helps too. The Grey
Hat hacker will probably use much of your money, time, and resources to
promote his/her own fame.
-john
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
