Forwarded from: Jay D. Dyson <jdysonat_private>

On Mon, 11 Feb 2002, InfoSec News wrote:

> Two segments of the computer-security industry should shake off the
> general tech-market malaise and score double-digit growth this year, a
> pair of market researchers said Monday.

Curiously enough, the vast majority of such jobs appear to be in the .gov sector on the East Coast; and most of those opportunities require a security clearance (which, if you don't have one already, you'll need some good luck in getting one).

> Meanwhile, managed security services should grow even faster, according
> to market researcher IDC, which estimates that such network-protection
> providers will take in $2.2 billion in 2005, up from $720 million in
> 2000.

I'll believe it when I see it. By and large, managed services providers are priced well beyond the budgetary limitations of medium and small businesses (especially in today's economy). Furthermore, medium and small businesses tend not to take security as seriously as large scale firms (all of which already have and can afford their own in-house talent).

As one who was previously employed as a Senior Security Engineer for a Silicon Valley-based managed services firm, I personally don't believe the managed services market is going to see any serious change in 2002 or 2003. Given the positively glacial pace at which the commercial sector embraces genuine security, I honestly don't expect anything serious to happen in that field until 2004 or 2005.

> The optimistic outlook reflects the realities of a post-Sept. 11 world,
> as companies and governments are turning to the computer-security
> industry to help them secure their most critical information-technology
> systems.

Considering the continued and increasing use of Microsoft products, I find that difficult to believe.

> "Enterprises are looking particularly at defensive security technologies
> such as antivirus software, intrusion detection systems and firewalls,"
> Colleen Graham, industry analyst for Gartner Dataquest, said in a
> statement. "Government and defense will increase spending in reaction to
> public concern about the shamefully low scores received in security
> audits performed in reaction to increased concerns about the security of
> the government IT infrastructure."

I personally have yet to see a truly aggressive security strategy put in place on the .gov side. And that's not for lack of trying on my part. Government sectors insist on commercial off-the-shelf (COTSE) crap over the far more flexible and robust Open Source solutions. Still worse, rather than pursuing full-blown audits of their potential vulnerabilities, they instead focus on a SANS-like "top fifty" set of problems, ignoring a wealth of other concerns that exist.

If there's going to be any meaningful change to this problem, it's going to require a total shakedown...because what's in place now just isn't cutting it.

> More telling than the reports, however, may be a pledge made by the
> world's largest independent software company. In mid-January, Microsoft
> Chairman Bill Gates stated in a company-wide e-mail that security had
> become priority No. 1.

Actions speak louder than words...and the words themselves are too little, too late. Hell, I'm *still* left cleaning up the Nimda, BadTrans and Sircam droppings left around my systems from other people's networks.

Granted, Microsoft has recently announced that they're going to spend a month working on cleaning up their security problems. Even the most blindly optimistic soul can't possibly hope to undo decades of poor security with a 30-day code audit. That's like expecting years of dental neglect to be remedied by a five-minute brushing.

-Jay

  (    (                                                           _______
  ))   ))   .--"There's always time for a good cup of coffee"--.   >====<--.
C|~~|C|~~| (>------ Jay D. Dyson -- jdysonat_private ------<)      |    = |-'
 `--' `--'  `The armed are citizens. The unarmed are subjects.'    `------'

- ISN is currently hosted by Attrition.org
This archive was generated by hypermail 2b30 : Tue Feb 12 2002 - 04:46:05 PST