[ISN] Dirty IT jobs: Grime and punishment

From: InfoSec News <alerts_at_private>
Date: Tue, 17 Apr 2012 01:59:04 -0500 (CDT)
https://www.infoworld.com/t/it-jobs/dirty-it-jobs-grime-and-punishment-190656

By Dan Tynan
InfoWorld
April 16, 2012

Dirty IT jobs don't always look so dirty at first glance.

Dressing up like Tom Cruise in "Mission: Impossible" and breaking into a 
secured facility sounds like a blast -- until you're trapped for two 
hours in the freezing rain waiting to be rescued. Think writing sexy 
games would be fun? Imagine poring over endless photo sets of explicit 
anatomical closeups.

Whether you're trying to squeeze big data into tiny spaces, moderate 
arguments between angry geeks, or hack code that's so old it qualifies 
for Social Security benefits, you're doing a dirty but necessary job.

This fifth installment in our Dirty Jobs series features tech jobs that 
can be physically challenging, mentally debilitating, or just plain 
irritating. Be thankful that these people are doing them -- otherwise, 
you might have to.


Dirty IT job No. 1: B&E artist

Dressed in black camo, hiding in the woods in the dead of night on the 
edge of a Pennsylvania mountain; it's not your typical IT job.

But that's where Matt Neely found himself more than a year ago. As vice 
president of consulting for SecureState, an information security 
management consulting firm, Neely's job is to test the physical security 
of his firm's clients, which include large federal agencies, major 
retailers, energy plants, and even entire countries. Trained in the art 
of lockpicking by his previous employer (a bank), Neely uses his 
breaking-and-entering skills so that organizations can find holes in 
their perimeter and fill them.

On this cold December night, Neely and a colleague were asked to break 
into a mining facility just past midnight and steal "trophy data," while 
two other SecureState penetration testers social-engineered their way in 
via the front gate. The coal mine was concerned about environmental 
activists breaking in and tampering with its SCADA systems, causing the 
mine to shut down. They had good reason to worry.

According to Neely, the mine's external security was so porous that he 
and his partner were in and out in 10 minutes, or about two hours and 20 
minutes less than he'd bargained for. The area around the mine was so 
remote there was no cellphone coverage, so he had no way to reach the 
other SecureState team. He and his partner had to hunker down for two 
hours in a freezing rain before they got picked up.

Roughly 75 percent of the time, Neely says he's able to break in to a 
facility without getting caught. On the other hand, he says his 
social-engineering comrades succeed about 90 percent of the time -- and 
when they fail it's usually because somebody got tipped off a test was 
coming.

[...]


_______________________________________________
LayerOne Security Conference
May 26-27, Clarion Hotel, Anaheim, CA
http://www.layerone.org
Received on Mon Apr 16 2012 - 23:59:04 PDT

This archive was generated by hypermail 2.2.0 : Mon Apr 16 2012 - 23:58:20 PDT