Everything is a Freaking DNS problem - false feeling of security

How to suck at Security

<p>There is this great post over at <a href="http://isc.sans.org/diary.html?storyid=5644" rel="nofollow">sans.org</a> teaching people how to suck at security (actually a reprint of <a href="http://www.zeltser.com/security-management/suck-at-security-cheat-sheet.html" rel="nofollow">this post</a>).</p>
<p>Especially the remarks about security tools ..<br />
On how not to implement them or how to neglect configuring them, after all the default values must be secure enough.</p>
<p>However, my favorite:<br />
<cite>Hire somebody just because he or she has a lot of certifications.</cite><br />
I'd write Vendor Certifications however .. as independent certifications might have some use .. but if I'm looking for a security guy and he starts talking to me about his product certifications, something is wrong ..</p>
<p>Remember, security is a life style, not a product you can buy ..</p>

Tags: certification, false feeling of security, life style, security

Sun, 18 Jan 2009 13:05:03 +0000, Kris Buytaert