On Wed, 3 Apr 2002, Richard A Steenbergen wrote:
As for your service listing them... Smurfs aren't spam, so I'm not sure
what you plan to accomplish by making the data available via DNS, it would
really only be useful as a BGP feed. Even then, it's usefulness is
limited. I suppose you could
On Wed, 3 Apr 2002, batz wrote:
Personally, I would like to see a mixture of the MAPS RBL and
aris.securityfocus.com available, where emerging hostile netblocks
can be blackholed for short periods of time using attack information
gathered from and coroborated by a vast array of diverse
the way.
dp
-Original Message-
From: Sean Donelan [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, April 02, 2002 10:18 PM
To: Christopher E. Brown
Cc: NANOG
Subject: Re: How to get better security people
On Tue, 2 Apr 2002, Christopher E. Brown wrote:
I think it comes down
On Tue, 2 Apr 2002, Christopher E. Brown wrote:
I think it comes down to being able to deal creatively with a
lack of total control, and find ways to limit what you cannot
eliminate.
Security specialists can't be everywhere, can't do everything, and
can't stop every bad thing. The
### On Wed, 3 Apr 2002 01:17:59 -0500 (EST), Sean Donelan [EMAIL PROTECTED]
### casually decided to expound upon Christopher E. Brown
### [EMAIL PROTECTED] the following thoughts about Re: How to get better
### security people:
SD While we need a few people with deep security knowledge, we also
On Tue, 26 Mar 2002, Kelly J. Cooper wrote:
I also had a short list of other questions that I used to try and get
a feel for the person's security minded-ness (my term, I invented it
a'ight?). Because when it comes to ISP security, there's a very
limited pool of talent so candidates are
On Fri, 29 Mar 2002, Kelly J. Cooper wrote:
So, just out of curiousity, why are you asking this question?
Because a couple of congressional aides asked me what I would spend
the money on. My first response was my brain didn't know how to
spend that much money. But then you get in the swing
E.B. Dreger [EMAIL PROTECTED] wrote:
Service patches were never applied. When some suspicious
happenings left said server inoperable, they just installed
Win2000 and went on, not caring what had happened or why.
No, I was not the employee. A friend of mine worked there before
getting fed
On that note, Etrade layed off their entire net sec team a few months back.
I don't trade there no more. ;)
-Original Message-
From: Sean Donelan [mailto:[EMAIL PROTECTED]]
Sent: Monday, March 25, 2002 7:05 PM
To: [EMAIL PROTECTED]
Subject: How to get better security people
On Tue, 26 Mar 2002, LeBlanc, Jason wrote:
On that note, Etrade layed off their entire net sec team a few months back.
I don't trade there no more. ;)
Fewer and fewer companies are paying attention to network security with
the right mindset. They all want peopl who have been in the field for
I don't know where you get your information, but E*Trade hasn't laid-off
their network security department. In fact, we're currently adding to it.
I know there are some good network security experts on this list so if
you're looking for a position then send your resume my way.
Or to me if
Surely you're looking for someone who can tell you what they are trying to
protect from ie hacking, DoS, DDoS and how and why that is a security
problem..
Then I guess you want them to have had sufficient experience to know how
the different security products address these issues.
No other
On Tue, 26 Mar 2002, Tony Wasson wrote:
If I was looking for top security talent, what would I ask for whether
I was hiring directly or outsourcing?
I agree with Steve Wilcox, incidents are important. I would ask for a
description of the 3 most interesting incidents they've ever worked
| The problem right now is if you advertise for a job, you will get
| blasted with literally tens of thousands of resumes. What should I
| be telling the HR department to look for?
New careers.
Sean.
On Mar 26, 2:15pm, Sean Donelan wrote:
Subject: Re: How to get better security people
*
*On Tue, 26 Mar 2002, Tony Wasson wrote:
* If I was looking for top security talent, what would I ask for whether
* I was hiring directly or outsourcing?
*
* I agree with Steve Wilcox, incidents
Title: RE: How to get better security people
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, March 26, 2002 2:41 PM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: RE: How to get better security people
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Avleen Vig
Sent: Tuesday, March 26, 2002 10:39 AM
To: LeBlanc, Jason
Cc: 'Sean Donelan'; [EMAIL PROTECTED]
Subject: RE: How to get better security people
On Tue, 26 Mar 2002, LeBlanc, Jason wrote
Title: RE: How to get better security people
A
knowledgeable investor would ask your HR department a few
questions:
1.
Which half of the resume do you believe?
2. Is
it really more economical to ignore half your talent than spend a little
checking resumes?
3.
What does it say about
-Original Message-
From: LeBlanc, Jason
What eBay does as a business is of little consequence to me, as a network
engineer, though it seems they make pretty good decisions based on things
I've seen in three years here. That fact came from someone who
worked for them in Atlanta,
Date: Tue, 26 Mar 2002 12:56:39 -0500 (EST)
From: batz [EMAIL PROTECTED]
(snip)
Nimda and CodeRed were excellent indicators of how a good
security policy can be a competetive edge during (increasingly common)
global incidents. Hopefully we will see more security folks pressing
this
'; 'Jim Popovitch'; 'Sean Donelan'; [EMAIL PROTECTED]
Subject: RE: How to get better security people
E*TRADE Financial has it's full complement of System and Network Security
people still employed. The Director and Sr. Manager of the group have been
with the Company for nearly five years
On 03/26/02, Jim Popovitch [EMAIL PROTECTED] wrote:
Somehow eTrade's following response didn't make it to the list. I think
it's important enough to resubmit it given the erroneous info posted
earlier.
[ . . . ]
This e-mail is the property of E*TRADE Group, Inc. It is intended only for
According to a recent salary survey telephone companies have some
of the lowest paid information security professionals in comparison
with other technology corporations, federal government, or financial
companies. When the US Transportation Security Administration (aka,
the agency in charge of
23 matches
Mail list logo