Slashdot Mirror

← Back to Stories (view on slashdot.org)

Want a Security Pro? Get Politically Incorrect and Learn Geek Culture

Posted by samzenpus on from the fight-trolls-with-trolls dept.

coondoggie writes "While complaints can be heard far and wide that it's hard to find the right IT security experts to defend the nation's cyberspace, the real problem in hiring security professionals is the roadblocks put up by lawyers and human resources personnel and a complete lack of understanding of geek culture, says security consultant Winn Schwartau. Take Janet Napolitano, U.S. secretary of the Department of Homeland Security, who has said the country can't find the right people for network defense. The real problem is a misunderstanding of computer geeks, their personalities, habits and their backgrounds, said Schwartau today during his talk at the Hacker Halted information security conference."

9 of 314 comments (clear)

  1. My mother's basement is well defended by Anonymous Coward · · Score: 5, Funny

    My mother's basement is well defended !!!!!!!

  2. Right by Antipater · · Score: 5, Insightful

    And the Catholic Church could prop up its declining clergy membership by recruiting straight from the local sex offender registry.

    Seriously, what the fuck? "Legal niceties" is another term for these rules are in place because we don't want to get fucked over again by someone we trusted. They're there for a reason, and actively circumventing them to search for applicants is inviting yourself to get burned. Maybe some of them could be relaxed, sure, like the one-time drug offense bit for security clearances. But just saying "they're narrowing our pool of applicants!"...Shit, Sherlock, that's why they exist!

    --
    Everything is better with chainsaws.
    1. Re:Right by jlechem · · Score: 5, Informative

      I agree 100%, I used to work for a DoD contractor that required secret security clearance. Somehow I managed to pass but I referred several people who didn't make it past the preliminary background check. All of them were extremely competent and excellent programmers. However I found some were because of bankruptcy and others had actual criminal backgrounds. I agree loosening the rules would increase the pool of applicants but in the eyes of the US government who are you trusting with what can be very sensitive information. They only want squeaky clean individuals to keep their risk down. But then they get guys like Bradley Manning who decide to steal info pretty much from right under his bosses noses so I don't know. It's double sided but I see why they do it.

      --
      Hold up, wait a minute, let me put some pimpin in it
  3. Marijuana/Drug Laws by Midnight_Falcon · · Score: 5, Informative

    I haven't met a too many good hackers who haven't, at least at one time, engaged in some drug use -- whether it be smoking weed (usually), tripping on mushrooms/acid, or cocaine etc..it seems to permeate the culture quite a bit.

    A couple three-letter agencies once tried to recruit me, but I didn't want to stop going to festivals/parties, smoking pot, etc. It felt like I would have to become a square and this job would be my life, and I'd have to disown much of the culture I was associated with previously. Plus, I thought if I went forward, I'd never get past the polygraph where they ask you tons of questions about drug use, and it would just be a waste of time.

    For context, I am an IT professional with a specialization in security and about 20-40% of my workload is security related.

    Maybe if drug testing wasn't required, these agencies would get more applicants. But no one wants to piss in a cup on a monthly basis to work at a rate of pay less than they could get at companies that don't drug test.

    1. Re:Marijuana/Drug Laws by Chris+Mattern · · Score: 5, Insightful

      I haven't met a too many good hackers who haven't, at least at one time, engaged in some drug use -- whether it be smoking weed (usually), tripping on mushrooms/acid, or cocaine etc..it seems to permeate the culture quite a bit.

      Now, is that because good hackers tend to be drug users--or is it because *you* are a drug user and thus a larger percentage of the people you meet are drug users?

  4. Two big barriers by AarghVark · · Score: 5, Interesting

    There are two big barriers for government IT hiring:

    Pay scale
    The GS payscale doesn't map well to high-end IT skills. So often you end up with the marginally qualified, or those rare individuals who are not only not in it for the money, but somehow find a way to turn down offers every quarter from another round of head-hunters.

    Extra scrutiny
    The government security and screening process is a lot tougher than many commercial enterprises. It leads to ironic debtor-prison type situations where an otherwise qualified guy about to have his house foreclosed can't get the job because he is a security risk because he needs the money. The government just doesn't want to take the risk he will be try to pay off his bills by selling access to the highest bidder.

  5. Ah, but What is a Hacker Like? by VortexCortex · · Score: 5, Informative

    An important point: Except in some relatively minor respects such as slang vocabulary, hackers don't get to be the way they are by imitating each other. Rather, it seems to be the case that the combination of personality traits that makes a hacker so conditions one's outlook on life that one tends to end up being like other hackers whether one wants to or not (much as bizarrely detailed similarities in behavior and preferences are found in genetic twins raised separately).

    General Appearance
    Intelligent. Scruffy. Intense. Abstracted. Surprisingly for a sedentary profession, more hackers run to skinny than fat; both extremes are more common than elsewhere. Tans are rare.

    Dress
    Hackers dress for comfort, function, and minimal maintenance hassles rather than for appearance (some, perhaps unfortunately, take this to extremes and neglect personal hygiene). They have a very low tolerance of suits and other ‘business’ attire; in fact, it is not uncommon for hackers to quit a job rather than conform to a dress code. When they are somehow backed into conforming to a dress code, they will find ways to subvert it, for example by wearing absurd novelty ties.

    Female hackers almost never wear visible makeup, and many use none at all.

    Physical Activity and Sports
    Many (perhaps even most) hackers don't follow or do sports at all and are determinedly anti-physical. Among those who do, interest in spectator sports is low to non-existent; sports are something one does, not something one watches on TV.

    Further, hackers avoid most team sports like the plague. Video games being a notable exception, both in terms of team play and consideration as a sport... Hacker sports are almost always primarily self-competitive ones involving concentration, stamina, and micromotor skills: martial arts, bicycling, auto racing, kite flying, hiking, rock climbing, aviation, target-shooting, sailing, caving, juggling, skiing, skating, skydiving, scuba diving. Hackers' delight in techno-toys also tends to draw them towards hobbies with nifty complicated equipment that they can tinker with.

    The popularity of martial arts in the hacker culture deserves special mention. Many observers have noted it, and the connection has grown noticeably stronger over time. In the 1970s, many hackers admired martial arts disciplines from a distance, sensing a compatible ideal in their exaltation of skill through rigorous self-discipline and concentration.

    Today, martial arts seems to have become firmly established as the hacker exercise form of choice, and the martial-arts culture combining skill-centered elitism with a willingness to let anybody join seems a stronger parallel to hacker behavior than ever. Common usages in hacker slang un-ironically analogize programming to kung fu (thus, one hears talk of “code-fu” or in reference to specific skills like “HTML-fu”).

    Education
    Nearly all hackers past their teens are either college-degreed or self-educated to an equivalent level. The self-taught hacker is often considered (at least by other hackers) to be better-motivated, and may be more respected, than his school-shaped counterpart. Academic areas from which people often gravitate into hackerdom include (besides the obvious computer science and electrical engineering) physics, mathematics, linguistics, and philosophy.

    Food
    Ethnic. Spicy. Oriental, esp. Chinese and most esp. Szechuan, Hunan, and Mandarin (hackers consider Cantonese vaguely déclassé). Hackers prefer the exotic; for example, the Japanese-food fans among them will eat with gusto such delicacies as fugu (poisonous pufferfish) and whale. Thai food has experienced flurries of popularity. Where available, high-quality Jewish delicatessen food is much esteemed. A visible minority of Southwestern and Pacific Coast hackers prefers Mexican.

    For those all-night hacks, pizza and microwaved burritos are big. Interestingly, though the mainst

  6. Re:I'm sure geeks by RightwingNutjob · · Score: 5, Insightful

    I don't want a "good hacker" whose tendencies toward "counter-culture" are a hard-wired reflex. I want a competent engineer who understands what he's working with and knows how to be effective: sometimes by kissing ass, more often than not by saying "fuck off and let me work" with the right level of polish (sometimes none). If your idea of the best of the pool is someone who hacks and tinkers without being able to buckle down to do some real engineering (which means not just being able to pull off epic shit, but doing it in such a way that it's clear that it accomplishes the objective and isn't only documented between the guy's ears), you're asking for movie hackers, not for what you need.

  7. Draft people into Congress ... by perpenso · · Score: 5, Insightful

    For the House of Representatives we should probably draft them, like the Army used to. Walk out to the mail box, open the letter from the gov't, ... damn I have to report to Congress for two years. That way we get a broader sampling of perspectives and experiences. The type of people we want probably would not apply for the job (volunteer). :-)