IMHO you get what you pay for. What usually happens to go one step further is that contracting companies with connections in Salem and usually with the lowest bid get the job. The bottomline is money. As a custom application/database developer with current technology skills and knowledge I will accept only those jobs that I feel are worth the money being paid. Work is plentiful right now for custom application development and the ones looking for work instead of the work coming to them will literally work for nothing just to generate income. You get what you pay for. As to milking the state dry... the project manager needs to have the knowledge to know what he/she exactly needs and to realize when they are getting milked. That is their responsibility. I have seen too many times where I knew I could tell a client that they needed this more expensive solution when I knew if could be done more cost effectively with another method or solution. To get that type of technical talent costs $$$. I see that as the larger issue. James Wilcox wrote: > http://bluebook.state.or.us/state/constitution/constitution.htm > > James R. Wilcox, CISSP > 10433 SW 53rd Ave > Portland, Oregon 97219-5837 > 503 245-6934 > 503 799-8438 mobile > > -----Original Message----- > From: owner-crime@private [mailto:owner-crime@private]On Behalf Of > c.radley@private > Sent: Tuesday, September 24, 2002 10:28 AM > To: crime@private > Subject: RE: CRIME Computers vulnerable at Oregon department > > Oregon had computers in 1859 ? > > Wow, I am impressed :-) > > But seriously, could you clarify a bit on what the > consitutions really means here ? > > Presumably it mandates three separate branches of govt, > ie executive, legislative and judicial. > > Those three branches need to be separate. > > But is there anything stopping centralization within > each branch of govt ? > > CFR. > > It might be helpful to consider that the State of Oregon is a > decentralized > > organization. Not all agencies even report to the Governor. No single > person > > can mandate security rules... by the charter established in 1859. > > > > James R. Wilcox, CISSP > > 10433 SW 53rd Ave > > Portland, Oregon 97219-5837 > > 503 245-6934 > > 503 799-8438 mobile > > > > -----Original Message----- > > From: owner-crime@private [mailto:owner-crime@private]On Behalf Of > > alan > > Sent: Monday, September 23, 2002 2:54 PM > > To: T.Kenji Sugahara > > Cc: Andrew Plato; crime@private > > Subject: Re: CRIME Computers vulnerable at Oregon department > > > > On Mon, 23 Sep 2002, T.Kenji Sugahara wrote: > > > > > What's needed is buy-in from the Governor on down. (e.g. a fundamental > > > shift in thinking). > > > > > > Each agency head needs to understand the costs and benefits of > > > security. They need to be advised of the cost of computer insecurity. > > > > The problem here is that the people assigned to these posts by the > > Governor are all political appointees. > > > > Here is how it works: > > > > A new Governor gets elected. He kicks out the old heads of the > > departments with his buddies who helped get him elected. Those people go > > in and change everything around to "make their mark" (kind of like how > > dogs mark territory) and show that they are "in charge". The people in > > those agencies are already disolusioned because they have seen it happen > > every time there is a regime change. Everything gets changed and nothing > > gets fixed. > > > > > Risk management needs to be all over this issue. Identity thieves have > > > already been caught with copies of DMV records on CD. What's next? > > > Each breach could cost the state millions with ensuing litigation. > > > > > > Would people on this list be willing to put their names on a piece of > > > paper that says we need to make security a priority in Oregon > > > government? > > > > Eisier said than done. You can make all the proclimations that you want, > > but you have to have the people to be able to do it. > > > > Last I knew the state had a hiring freeze. You have to get past that. > > > > The way around the hiring freeze is that they hire consultants. > > Unfortunatly, who get hired is usually the contracting companies that have > > connections in Salem. The one I worked for was composed mostly of old > > COBOL programmers and people who could not get real work. > > > > Making the proclimation is one thing. Getting someone in their who can do > > the job without milking the state dry is another. > > James Wilcox wrote: > http://bluebook.state.or.us/state/constitution/constitution.htm > > James R. Wilcox, CISSP > 10433 SW 53rd Ave > Portland, Oregon 97219-5837 > 503 245-6934 > 503 799-8438 mobile > > -----Original Message----- > From: owner-crime@private [mailto:owner-crime@private]On Behalf Of > c.radley@private > Sent: Tuesday, September 24, 2002 10:28 AM > To: crime@private > Subject: RE: CRIME Computers vulnerable at Oregon department > > Oregon had computers in 1859 ? > > Wow, I am impressed :-) > > But seriously, could you clarify a bit on what the > consitutions really means here ? > > Presumably it mandates three separate branches of govt, > ie executive, legislative and judicial. > > Those three branches need to be separate. > > But is there anything stopping centralization within > each branch of govt ? > > CFR. > > It might be helpful to consider that the State of Oregon is a > decentralized > > organization. Not all agencies even report to the Governor. No single > person > > can mandate security rules... by the charter established in 1859. > > > > James R. Wilcox, CISSP > > 10433 SW 53rd Ave > > Portland, Oregon 97219-5837 > > 503 245-6934 > > 503 799-8438 mobile > > > > -----Original Message----- > > From: owner-crime@private [mailto:owner-crime@private]On Behalf Of > > alan > > Sent: Monday, September 23, 2002 2:54 PM > > To: T.Kenji Sugahara > > Cc: Andrew Plato; crime@private > > Subject: Re: CRIME Computers vulnerable at Oregon department > > > > On Mon, 23 Sep 2002, T.Kenji Sugahara wrote: > > > > > What's needed is buy-in from the Governor on down. (e.g. a fundamental > > > shift in thinking). > > > > > > Each agency head needs to understand the costs and benefits of > > > security. They need to be advised of the cost of computer insecurity. > > > > The problem here is that the people assigned to these posts by the > > Governor are all political appointees. > > > > Here is how it works: > > > > A new Governor gets elected. He kicks out the old heads of the > > departments with his buddies who helped get him elected. Those people go > > in and change everything around to "make their mark" (kind of like how > > dogs mark territory) and show that they are "in charge". The people in > > those agencies are already disolusioned because they have seen it happen > > every time there is a regime change. Everything gets changed and nothing > > gets fixed. > > > > > Risk management needs to be all over this issue. Identity thieves have > > > already been caught with copies of DMV records on CD. What's next? > > > Each breach could cost the state millions with ensuing litigation. > > > > > > Would people on this list be willing to put their names on a piece of > > > paper that says we need to make security a priority in Oregon > > > government? > > > > Eisier said than done. You can make all the proclimations that you want, > > but you have to have the people to be able to do it. > > > > Last I knew the state had a hiring freeze. You have to get past that. > > > > The way around the hiring freeze is that they hire consultants. > > Unfortunatly, who get hired is usually the contracting companies that have > > connections in Salem. The one I worked for was composed mostly of old > > COBOL programmers and people who could not get real work. > > > > Making the proclimation is one thing. Getting someone in their who can do > > the job without milking the state dry is another. > >
This archive was generated by hypermail 2b30 : Tue Sep 24 2002 - 15:41:16 PDT