How to suck at Security

There is this great post over at sans.org teaching people how to suck at Security (actually a reprint of this post).

Especially the remarks about security tools ..
On how not to implement them or how to neglect configuring them; after all, the default values must be secure enough.

However, my favorite:

Hire somebody just because he or she has a lot of certifications.

I'd write Vendor Certifications however .. as independent certifications might have some use.. but if I'm looking for a security guy and he starts talking to me about his product certifications, something is wrong..

Remember, security is a life style, not a product you can buy ..

Comments

#1 PieterB : Interesting cheat

Interesting cheat sheet!

There is one I don't understand:
"let your antivirus, IDS, and other security tools run on auto-pilot"

Is this not the most important task of these systems? (Of course you have to take a look often...)