Re: Stop me before I consult again

From: Clyde (lugh-clydeat_private)
Date: Thu Dec 05 2002 - 09:33:58 PST

    In-Reply-To: <20021204003648.EE0FD8028at_private>
    
    Well, no wonder you're not happy; you need a reality fix. You are looking for the 
    impossible and will never find it.
    
    No company considers security a top priority nor should they. Security isn't a money 
    maker for anyone. Even security companies are in the business of selling, not security. 
    Therefore, security is like insurance - it's something you need to protect the business, 
    but it isn't the business of the company. That means that any company with security 
    as a top priority would soon go out of business because their priority isn't on the 
    business.
    
    Because security isn't the top priority, it will never have a very big piece of the budget. 
    That means that the company is always looking for just enough security and no more - 
    their definition and not yours. Building custom solutions to complex security problems is 
    very expensive and slow. So, companies aren't likely to do it or be able to afford it. 
    Therefore, they have to use commercial-off-the-shelf tools to solve their security 
    problems. As those aren't perfect, they won't give a perfect solution, but it is likely to 
    give them "just enough security". The cost/benefit analysis will almost always make 
    vendor widgets win out.
    
    If you are in an organization by yourself or you are an absolute dictator of the 
    organization, you can make things happen very efficiently. Otherwise, you have to work 
    with people. For better or worse, everyone has different ideas and agendas. They also 
    have ambitions and goals that probably don't include you in any way, shape, or form. 
    Making all that happen on a day-to-day basis is called politics. It's ugly, mean, and 
    inefficient. However, it is a fact of life in business. (OK, it's a fact of life in all human 
    social engagements.) You can either fight against it and get yourself killed or you can 
    play the game and get as much done as you can. (Third option - stay out of the way 
    and do what you are told.) There really aren't any other choices.
    
    BTW, of course you are solving the same problems over and over. Most companies 
    aren't nearly as unique as they think they are. They also all have the same threats, 
    risk, and vulnerabilities. That's because they all use the same systems, tools, and 
    methodologies. That's why they need your expertise. If they really were unique they 
    probably wouldn't need you. They hire you because you have the knowledge that can 
    be quickly and easily plugged into the problem. Companies don't hire brainpower; it 
    usually isn't needed in business and often gets in the way.
    
    So, good luck finding your ideal job. I don't believe you will. If you think you have, I 
    doubt you'll be happy in it for very long.
    
    Clyde
    
    
    
    
    <snip>
    >
    >Well, it's been roughly a year since I first posted here to the securityjobs
    >list, and I still haven't found any permanent position I'm interested in.  I
    >am getting to -really- dislike consulting---spend too much time looking for
    >contracts and end up dealing with too many bozos, solving the same problems
    >over and over.
    >
    >So, I'll ask the list again:  anyone out there looking for, or know of someone
    >looking for a serious information security goon?  I'm a UNIX bigot
    >(I use OpenBSD by preference and edit everything with vi, if that helps you
    >peg me), and spend a lot of my spare time writing statistical intrusion
    >detection code.  In short, I'm really not looking for entry-level stuff.
    >
    >The ideal employer I'm lookin' for:
    >
    >	-Considers security a top priority
    >	-Isn't already married to vendors for their security widgets
    >	-Is organised such that a single motivated individual can make
    >	 things happen on a day-to-day basis
    >
    >Ideally, I like working for smaller shops---startups, previously.  The main
    >reason for this is I prefer to build things from the ground up rather than
    >try to fix 'em after the fact.  I have experience working in just about every
    >kind of environment from brand-new startups to multinationals, from research
    >institutions to financial services companies.
    >
    >I won't bother posting a resume, but if anyone is interested I can supply 'em
    >with one.  I currently live and consult in the Silicon Valley/San Jose area.
    >I'd be willing to entertain the idea of relocating for the right position.
    >
    >Thanks for your time.
    >
    >
    >
    >
    >-spb
    



    This archive was generated by hypermail 2b30 : Fri Dec 06 2002 - 11:37:01 PST