Slashdot Mirror

← Back to Stories (view on slashdot.org)

Want a Security Pro? Get Politically Incorrect and Learn Geek Culture

Posted by samzenpus on from the fight-trolls-with-trolls dept.

coondoggie writes "While complaints can be heard far and wide that it's hard to find the right IT security experts to defend the nation's cyberspace, the real problem in hiring security professionals is the roadblocks put up by lawyers and human resources personnel and a complete lack of understanding of geek culture, says security consultant Winn Schwartau. Take Janet Napolitano, U.S. secretary of the Department of Homeland Security, who has said the country can't find the right people for network defense. The real problem is a misunderstanding of computer geeks, their personalities, habits and their backgrounds, said Schwartau today during his talk at the Hacker Halted information security conference."

1 of 314 comments (clear)

  1. Re:I'm sure geeks by Anonymous Coward · · Score: 0, Flamebait

    I'm going to no-true-scottsman myself in this argument, but I'm fine with that.

    You must be a rarity in a rarity...

    There *are* non deviant geeks, I've met maybe three in 35 years. None of them are in the 'top 50' I have had the pleasure of speaking or working with with.

    There's been maybe a dozen who seem non-deviant until you get to know them--good enough to pass or fabricate a background check.

    One of them is a leading expert in her field, but...she's not the right type of geek for hacking, and is too narrowly focused to ever be a 'good' hacker in anything other than microcode on x86.

    I have no language to express how incredibly uncommon it is in a world where learning is encouraged by rote memorization, obedience, adherance to rules and blind faith in rule of law and subservience to authority. Where people teach to tests and promotion systems reward best buddies over competence that you will find a "social, pleasant, accountable worker" that is a hacker.

    Hacking is about the subversion. The penetration. The defiance of rules, order, expectations. It's about coming at the target sideways in a craven, unorthodox manner. Anything else is just scripting.

    You see -- the problem is most geeks are good geeks because they're actually practiced philosophers -- learned through use of logic, studied in socially diverse literature and all the documentation they can eat. Subserviant to the iron rule of reality over social niceties.

    We get these systems not just because we build them and use them, but because unlike the clusterfuck of your "clean, social, pleasant accountable workers" -- our system is actually honest. We only care what works. What comes out when we put something in. What works in your corporate system isn't the reward we care about -- it isn't a motivation. Usually, it's s a curse.

    Technical skills can be taught...but mostly, our education system breeds people who are not, and by no amount of education will /ever/ be fit to be a geek. They can't learn to program, they can't learn to debug, they can't learn to step back three feet to look at what a program actually does, much less to go back a hundred feet and understand a complex process. They definitely can't be taught any degree of intuition, experience, or love of the job. Most of them can't even be taught to avoid what amounts to basic malpractice because our education teaches the means to an end instead of working to preserve an objective.

    And the ones that might be promising...well, your math, science, philsophy, literature are medieval in quality. You crush them just as they should start to nurture and complain that you can't fix it later.

    You can teach the MCSE how to add a new nameserver, but you can't teach her how to add and debug a domainkey without giving her a checklist. Or how to look it up. Or how to read the protocol. And for the thousand engineers on /. who cry foul -- you are counter examples who exist, but you are outnumbered. And most of you would side with me anyway in a heartbeat.

    And the very very few who find the xen path... aren't enough to carry the weight of your hierarchical incompetence.

    Many of the people that succeed as hackers do so in spite of education, deference to authority, and societal niceties. We have learned disrespect, shoddyness, and our bitter jibes as a time saving defense mechanism -- a way to filter out people not worth the cost of conversation. People with something worth saying will say it anyway. People who think their suit makes their argument important... will make themselves known and get sent to the killfile.

    So for your newflash --

    We aren't the defective ones.

    Your system is defective. Your entire metric is defective. The very way you define, measure, process, and analyze success guarantee your failure.

    And a lot of the hackers out there think you deserve it despite cringing at the impending crisis of education your line of thought causes. We s