I have worked in industry, and have worked in higher education - the list of problems in both related to educating AND training workers is long. And the "blame" list is even longer. But looking at this from another angle - the world has changed
What used to be lower skilled labor is now done by robots. Robots do warehouse stocking/packing/shipping. Robots manufacture things from big to small. I use robots to clean my house. The day will come when taxi's are replaced by self driving cars. What is the point of this argument? We have changed our world and the social economics that were the norm of the past, are not the norms of the future. The need for high tech workers, at a wide range of skill levels will continue to drive many in college.
The real challenges ahead are not those of the past. How do we develop the workforce of the future? How do we develop the new social economic models where large sections of previously employed are replaced by automation - how do we develop the policies and models to balance societal benefits?
And how do we fi our education system to support this new world. I doubt many would say our current system is adequate and meeting our needs - how do you fix it?
This is bigger than student debt and college costs - these are the just the tip of the iceberg
"It is not the designers responsibility. Rather education campaigns to assist application developer and operator community in selecting appropriate cipher suites and or more work in security stacks to provide generally applicable options."
This mentality has led to so many errors - lest I say many C functions, that routinely result in fail because no one did bounds checking . . . We will always have poor developers, so we need to use standards and tech to help them get it right. Saying it is the developer's responsibilities to get it right is fantasyland, and to everyone who has been there they know it is never as great as they thought it would be.
I see complaints of a lot of sources of cost - high professor salaries, declining state support, etc.
I work in a major State University and I see rising costs associated with bureaucracy associated with government. State funding comes with the requirement for tons of paperwork - research funds, paperwork and people to process it. Loans, paperwork and people to process it. Federal funds - more paperwork, more people. We have numerous offices of senior people who oversee reporting programs. These programs serve the government masters, not the needs of the student . . .
While each additional paperwork requirement seems "useful" the weight of many sheets of paper becomes heavy fast.
This is what happens when you automate things and accept all claims as true. Sad thing is, "the industry" will say this is a small price to pay, and NASA being a government agency will not pursue it. This needs to be a wakeup call before we allow ISP's to monitor and police everything - there needs to be a human in the loop to fix these issues - and timely, not is days or weeks, but with the same SLA as the automated system. Right now, it is almost like the recording industry is calling the shots and everyone is guilty unless they prove they are not infringing. In the US, shouldn't the system be the other way around?
The article (yes, I RTFA) says very little about science other than climate change - What about alternative energy (regardless of greenhouse gases), computers, space exploration, advances in transportation, standard of living, food generation, medical care, etc. Science is everywhere, yet we either take it for granted or ignore what we don't want to confront. SOPA is correct in idea - we need to protect intellectual property, but flawed in science - the way they want to do it does not fit with how the Internet and networking was designed . . . I bet we ignore the science and pass a law because it is so important . . .
Science doesn't do sound bites, so we won't find the Higgs particle in the US, nor will will solve many of the upcoming scientific grand challenges. We deserve the fate we select . . .
Trying to avoid getting off-topic and digressing into yet another diatribe on Smart-Grid technologies and focusing on the content of the book. . .
This is a good introductory book on the topic. Not very deep, nor will you find the technical details on the wide range of technologies, but then again - the technical details of Smart Grid technologies would fill thousands of pages and the discussion of all the security implications, thousands more. So, this book is a good 50,000 foot view, and it fills a void as I know of no other general introductory text. I agree with some of the comments, that the actual analysis is a bit weak, that at times it seems like they just substitute "smart grid" for "network" before security and do mass replace function. And, in reality, this will not be the path to securing this technology, as it has different purposes and characteristics than a standard TCP/IP network. That said, it is still a decent book and worth the read if you want to learn about the ideas behind the new technologies coming to us like a out of control freight train.
Mandatory Disclaimer: I am not, nor do I know the authors. I have read the book (cover to cover) and bought several for people on my Smart Grid team.
First, I am not a lawyer, nor do I play one on TV. I do believe that lawyers play an important balancing and cleansing function in the marketplace. If things get out of balance, lawyers can act as a balancing force, chewing up excesses.
In a perfect world, we would not need laws, nor would we need lawyers. We don't live in a perfect world, so, hence we need these control structures. If we don't like what they do, then we need to take the appropriate actions to avoid interactions. If you think addressing risk is expensive, wait until you address outcomes when risk was ignored . . .
So - back to the point - is the market functioning efficiently, or is it broken - the legal system is a part of the control mechanism for free markets, get used to it and use it wisely.
This is like watching two rich kids fight, neither has experience in kicking ass the old fashioned way, they both want to buy the solution - I say bring on the lawyers, they need the money
This is just another example of the "Hawthorne Effect" - a phenomena observed that when workers had working conditions modified, their productivity increased. We have known since the 1930's that people behave differently when they believe they are being observed or that their environment is under their control, or that there is a mechanism to improve thier work environment. And this effect results whether or not these changes are true or effective.
As one who has attended many BlackHat conferences - I take offense to the line "Unlike many presenters at Black Hat, Michael responsibly disclosed the flaw to organizers, who quickly fixed the issue"
In my experience, BlackHat presenters have followed responsible disclosure - including this year's high profile ATM exploit talk, which, for instance can not be replicated by those in attendence (proof was given that it can be hacked, but the sourcecode was not released) - and the industry certainly knew it was coming for > 1 year - and the end of the presentation gave simple directions about how to mitigate the issues. . .
First a shoe bomb makes me take off my shoes at the checkpoint.
If this is truly a pants bomb, then they have really won, for imagine us having to take off our pants before going through the metal detector.
Brilliant stategy.
that is the next step, end Christmas - with that silly poem, ". . . and their hearts all a glow, will find it hard to sleep tonight. They know that Santa is on his way . . . " it is all a conspiracy against all good things of winter (oops, will pay the fine) and snow (oops, again)
Seriously, they need a chance to protect their financial interests, but based on their past performance, when will someone step up and say: "Enough, and NO"
What's the big deal . . . try basic competence in communications101?
My defense strategy
1) commit crime
2) change name - be sure to tell all my friends I am no long John Doe, I am now John Smith
3) when confronted, tell the authorities - hey, that isn't me - I'm John Smith . . . now
Changing your name in a reorganization does not resolve problems of aliases, references (OK, update your links, but how about old news stories, etc - can't update what has already been written . ..)
You may appreciate not paying the relatively small domain name fee as a savings in taxes, but what was the real cost of the "reorganization"? a lot more than a domain name entry. Not to mention, should this not have been under.UK not.org? How official is a.org?
Of course to save more tax dollars, why not have everyone sign up for their own free gmail account?
I see a whole brave new world of testing before pre-nuptials . . .
But, if I have a defective gene, will that qualify me as handicapped under something like ADA? Will there be a high risk pool that I will be forced to "date" out of?
So many questions . . .
Quote: "He believes it's difficult for any company, including his, to be effective at satisfying both corporate buyers and consumers." from the article/posting.
Maybe this explains why they don't even try to do either . . . just go down the list of failures,
True Apple believers will stick their heads in the sand and ignore this long running trend of contempt for customers, but enterprises do notice, and remember bad behaviors from their suppliers. Until the corporate culture changes (and evidently this belief comes from the top) Apple does not belong in the enterprise.
Your argument sounds like one that pilots would have tried when autopilots were first installed in cockpits. Just as autopilots changed aviation, just as imaging have changed aviation (radars, ILS) and medicine (x-rays, cat, pet and MRI scans) - high tech robotics can make new things possible in surgury. Less invasive, more precision, better outcomes - but these will all require more skill, not less from the surgeons. Do not confusing cutting of flesh skills (butchery) with modern medicine - Dr. McCoy's word come to mind - I'm a doctor Jim, not a butcher.
Just as we do in emergency rooms and the transport case - do the work, collect (if possible later). I have never heard of someone not getting emergency services based on finances - that would not fly at all. There is debate over whether illegal immigrants should get emergency services, and even among hardcore kick them out of the country types, the general thought is - give serivces based on emergency needs, then kick them out. So financial abiility doesn't have an up-front connection to services.
Ever get picked up by EMS from your local fire department and transported to the hospital? Well, when it happens, expect a bill, and it is a bit more than a normal taxi. And so it should - these services cost money and to expect tax dollars to cover them 100% is not reasonable. That being said, if you don't have the dollars, I have never heard of EMS or another governmental agency not writing it off. The challenge is one of what is reasonable - assume that you think 3 days is reasonable search and rescue - but the state continues for 10 days - what part do you pay for? And if you wan tto call it off early - what does that say? Big can of worms this simple thing can become.
But bottom line - you use services, you should pay within reason. That way we can afford to have them when we need them. Hint - check your insurance policy, mine covers this.
I have been to these events, and have experience in "the real world". And what does this event prove? It is an exercise designed to test student groups ability to work together as an IT department from a security perspective, and operational perspective in a simulated real world business environment. I agree theoretically that when you take over a network that has deficiencies that it would be "nice" to be able to disconnect, fix it and then reconnect to the internet - but in the real world, try telling your boss that email will be down, that e-commerce will be down, etc. . . you will quickly learn that the real world doesn't share the techie view of taking things off-line to fix them. So, you have to fix them on the fly. This is one of the most realistic aspects of this challenge - find and fix the security issues, while still keeping the systems up and running and answering management demands (the sysadmin part). Sounds simple until you try - the added dimension of finding and repairing problems while maintaining up-time makes this much harder than they typical CTF game. As for the Red Team chops, can't vouch for any of the regionals, but the finals uses a team that would impress the Defcon crowd, the bosses from China or Korea, and any realistic measure of professional hacker.
Why do this: to train students to become better IT professionals when they graduate. And to work as a team - which is necessary in today's business environment.
Kudos to all who tried, for in the end, they all are winners.
It really should not come as a surprise that yet another federal agency has decided not to do its job, but only what it wants to do. . .
The reality of the situation is simple, the web is becoming a major communications method for the government, and the content will be a lens into the history of the government's interaction with the people. I am actually afraid that this "ignoring the present" is not some form of conspiracy to prevent the recording of history, but more of a case of senior government officials not understanding the world as it is.
Not recording the communications of the government to the people, in the form and context of how they were presented is a complete abdication of the responsibilities assigned to NARA and I hope that this story gets the US Congress to intervene and tell teh agency to do its job. Of course, I also hoped that Santa would bring me a new car, and the Easter bunny would bring golden eggs. So, I am ready for another disappointment.
This is an eventuality, and a needed leveling of the playing field. Why should a multi-billion dollar company get a competitive advantage over local businesses? Hate taxes all you want, but hate them fairly, not just those on your local small businesses. If e-commerce continues to grow, and is not taxed equitably with other businesses, this becomes a tax break for the big internet based merchants, and they need it the least. Consider this another play on the idea of a fair tax - one that levels the playing field for all businesses
I understnad the desire by the State of Texas to regulate a marketplace that has significant opportunities for abuse/legal ramifications. Hence, getting a Private Investigators license makes sense, as does a variety of security consultants. These people can carry guns, can directly interface with the populace and if the wrong characters were introduced to the field, well a lot of bad things could happen to people directly. So, I understand and agree with this form of regulation.
But then, it gets expanded in scope, without expanding the nature of the licenses . . .
"For example, when the service provider is charged with reviewing the client's computer-based data for evidence of employee malfeasance, and a report is produced that describes the computer-related activities of an employee, it has conducted an investigation and has therefore provided a regulated service. On the other hand, if the company simply collects and processes electronic data (whether in the form of hidden, deleted, encrypted files, or otherwise), and provides it to the client in a form that can then be reviewed and analyzed for content by others (such as by an attorney or an investigator), then no regulated service has been provided."
clear, huh . . .
and then
"The Private Security Act construes an investigator as one who obtains information related to the "identity, habits, business, occupation, knowledge, efficiency, loyalty, movement, location, affiliations, associations, transactions, acts, reputation, or character of a person; the location, disposition, or recovery of lost or stolen property; the cause or responsibility for a fire, libel, loss, accident, damage, or injury to a person or to property; or for the purpose of securing evidence for use in court. Tex. Occ. Code 1702.104. Consequently, we would conclude that the provider of computer forensic services must be licensed as an investigator, insofar as the service involves the analysis of the data for the purposes described above."
but in a cave to e-discovery (maybe they realized that this would open a big hornet's nest)
"With respect to the statutory reference to "securing evidence for use in court," we would suggest that the mere accumulation of data, or even the organization and cataloging of data for discovery purposes, is not a regulated service."
but, it gets better, later in the same document
"Thus, the industries that are directly regulated are the same industries about which one cannot consult without a license. Because the Private Security Bureau does not regulate software designers, installers, or suppliers, it also does not regulate those who provide consulting services related to computer network security."
This means that for a true computer forensic analyst - sitting in cube, analyzing digital evidence, they must be licensed, probably as a Class A PI, and work for a firm that is also licensed. But if you or your firm does network security work (risk assessments, pen testing, etc.) then you don't need a license.
As a computer security professional, with a PhD in the subject, and hears of experience, I can easily remember numerous risk assessments that also uncovered forensic evidence of separate unauthorized activity - so at what point do I stop and put on my PI hat and uniform?
Texas has made it simple for me - I will continue to consult in Texas, but only to Federal clients, where the state rules do not apply. Until the bureaucrats figure out how to do it right . . . erm, well don't hold your breath, this debate has been cooking for years.
Slashdot Mirror
I have worked in industry, and have worked in higher education - the list of problems in both related to educating AND training workers is long. And the "blame" list is even longer. But looking at this from another angle - the world has changed
What used to be lower skilled labor is now done by robots. Robots do warehouse stocking/packing/shipping. Robots manufacture things from big to small. I use robots to clean my house. The day will come when taxi's are replaced by self driving cars. What is the point of this argument? We have changed our world and the social economics that were the norm of the past, are not the norms of the future. The need for high tech workers, at a wide range of skill levels will continue to drive many in college.
The real challenges ahead are not those of the past. How do we develop the workforce of the future? How do we develop the new social economic models where large sections of previously employed are replaced by automation - how do we develop the policies and models to balance societal benefits?
And how do we fi our education system to support this new world. I doubt many would say our current system is adequate and meeting our needs - how do you fix it?
This is bigger than student debt and college costs - these are the just the tip of the iceberg
"It is not the designers responsibility. Rather education campaigns to assist application developer and operator community in selecting appropriate cipher suites and or more work in security stacks to provide generally applicable options."
This mentality has led to so many errors - lest I say many C functions, that routinely result in fail because no one did bounds checking . . . We will always have poor developers, so we need to use standards and tech to help them get it right. Saying it is the developer's responsibilities to get it right is fantasyland, and to everyone who has been there they know it is never as great as they thought it would be.
NIH funded research must be put into PubMed Central, the NIH public portal, within 12 months of publishing in a journal.
I see complaints of a lot of sources of cost - high professor salaries, declining state support, etc. I work in a major State University and I see rising costs associated with bureaucracy associated with government. State funding comes with the requirement for tons of paperwork - research funds, paperwork and people to process it. Loans, paperwork and people to process it. Federal funds - more paperwork, more people. We have numerous offices of senior people who oversee reporting programs. These programs serve the government masters, not the needs of the student . . . While each additional paperwork requirement seems "useful" the weight of many sheets of paper becomes heavy fast.
This is what happens when you automate things and accept all claims as true. Sad thing is, "the industry" will say this is a small price to pay, and NASA being a government agency will not pursue it. This needs to be a wakeup call before we allow ISP's to monitor and police everything - there needs to be a human in the loop to fix these issues - and timely, not is days or weeks, but with the same SLA as the automated system. Right now, it is almost like the recording industry is calling the shots and everyone is guilty unless they prove they are not infringing. In the US, shouldn't the system be the other way around?
The article (yes, I RTFA) says very little about science other than climate change - What about alternative energy (regardless of greenhouse gases), computers, space exploration, advances in transportation, standard of living, food generation, medical care, etc. Science is everywhere, yet we either take it for granted or ignore what we don't want to confront. SOPA is correct in idea - we need to protect intellectual property, but flawed in science - the way they want to do it does not fit with how the Internet and networking was designed . . . I bet we ignore the science and pass a law because it is so important . . . Science doesn't do sound bites, so we won't find the Higgs particle in the US, nor will will solve many of the upcoming scientific grand challenges. We deserve the fate we select . . .
Trying to avoid getting off-topic and digressing into yet another diatribe on Smart-Grid technologies and focusing on the content of the book. . . This is a good introductory book on the topic. Not very deep, nor will you find the technical details on the wide range of technologies, but then again - the technical details of Smart Grid technologies would fill thousands of pages and the discussion of all the security implications, thousands more. So, this book is a good 50,000 foot view, and it fills a void as I know of no other general introductory text. I agree with some of the comments, that the actual analysis is a bit weak, that at times it seems like they just substitute "smart grid" for "network" before security and do mass replace function. And, in reality, this will not be the path to securing this technology, as it has different purposes and characteristics than a standard TCP/IP network. That said, it is still a decent book and worth the read if you want to learn about the ideas behind the new technologies coming to us like a out of control freight train. Mandatory Disclaimer: I am not, nor do I know the authors. I have read the book (cover to cover) and bought several for people on my Smart Grid team.
First, I am not a lawyer, nor do I play one on TV. I do believe that lawyers play an important balancing and cleansing function in the marketplace. If things get out of balance, lawyers can act as a balancing force, chewing up excesses. In a perfect world, we would not need laws, nor would we need lawyers. We don't live in a perfect world, so, hence we need these control structures. If we don't like what they do, then we need to take the appropriate actions to avoid interactions. If you think addressing risk is expensive, wait until you address outcomes when risk was ignored . . . So - back to the point - is the market functioning efficiently, or is it broken - the legal system is a part of the control mechanism for free markets, get used to it and use it wisely.
This is like watching two rich kids fight, neither has experience in kicking ass the old fashioned way, they both want to buy the solution - I say bring on the lawyers, they need the money
This is just another example of the "Hawthorne Effect" - a phenomena observed that when workers had working conditions modified, their productivity increased. We have known since the 1930's that people behave differently when they believe they are being observed or that their environment is under their control, or that there is a mechanism to improve thier work environment. And this effect results whether or not these changes are true or effective.
As one who has attended many BlackHat conferences - I take offense to the line "Unlike many presenters at Black Hat, Michael responsibly disclosed the flaw to organizers, who quickly fixed the issue" In my experience, BlackHat presenters have followed responsible disclosure - including this year's high profile ATM exploit talk, which, for instance can not be replicated by those in attendence (proof was given that it can be hacked, but the sourcecode was not released) - and the industry certainly knew it was coming for > 1 year - and the end of the presentation gave simple directions about how to mitigate the issues. . .
First a shoe bomb makes me take off my shoes at the checkpoint. If this is truly a pants bomb, then they have really won, for imagine us having to take off our pants before going through the metal detector. Brilliant stategy.
I think Friday would be an awesome movie . . . think of casting her!
Both of you read "The Five Love Languages" this book explains it all - really
that is the next step, end Christmas - with that silly poem, ". . . and their hearts all a glow, will find it hard to sleep tonight. They know that Santa is on his way . . . " it is all a conspiracy against all good things of winter (oops, will pay the fine) and snow (oops, again) Seriously, they need a chance to protect their financial interests, but based on their past performance, when will someone step up and say: "Enough, and NO"
What's the big deal . . . try basic competence in communications101? My defense strategy 1) commit crime 2) change name - be sure to tell all my friends I am no long John Doe, I am now John Smith 3) when confronted, tell the authorities - hey, that isn't me - I'm John Smith . . . now Changing your name in a reorganization does not resolve problems of aliases, references (OK, update your links, but how about old news stories, etc - can't update what has already been written . . .)
You may appreciate not paying the relatively small domain name fee as a savings in taxes, but what was the real cost of the "reorganization"? a lot more than a domain name entry. Not to mention, should this not have been under .UK not .org? How official is a .org?
Of course to save more tax dollars, why not have everyone sign up for their own free gmail account?
I see a whole brave new world of testing before pre-nuptials . . . But, if I have a defective gene, will that qualify me as handicapped under something like ADA? Will there be a high risk pool that I will be forced to "date" out of? So many questions . . .
Quote: "He believes it's difficult for any company, including his, to be effective at satisfying both corporate buyers and consumers." from the article/posting. Maybe this explains why they don't even try to do either . . . just go down the list of failures,
Apple vs. Java http://developers.slashdot.org/article.pl?sid=08/05/03/1929212
Apple Safari not ready for primetime (no anti-phishing) http://it.slashdot.org/article.pl?sid=08/03/03/2049205
iphone SDK http://apple.slashdot.org/article.pl?sid=08/04/16/1435254 and http://it.slashdot.org/article.pl?sid=08/04/08/1932232
their treatment of Adobe (loss of Photoshop CS4 64bit) http://apple.slashdot.org/article.pl?sid=08/04/04/1247246
need I go on? And I only went back a month!
True Apple believers will stick their heads in the sand and ignore this long running trend of contempt for customers, but enterprises do notice, and remember bad behaviors from their suppliers. Until the corporate culture changes (and evidently this belief comes from the top) Apple does not belong in the enterprise.
Your argument sounds like one that pilots would have tried when autopilots were first installed in cockpits. Just as autopilots changed aviation, just as imaging have changed aviation (radars, ILS) and medicine (x-rays, cat, pet and MRI scans) - high tech robotics can make new things possible in surgury. Less invasive, more precision, better outcomes - but these will all require more skill, not less from the surgeons. Do not confusing cutting of flesh skills (butchery) with modern medicine - Dr. McCoy's word come to mind - I'm a doctor Jim, not a butcher.
Just as we do in emergency rooms and the transport case - do the work, collect (if possible later). I have never heard of someone not getting emergency services based on finances - that would not fly at all. There is debate over whether illegal immigrants should get emergency services, and even among hardcore kick them out of the country types, the general thought is - give serivces based on emergency needs, then kick them out. So financial abiility doesn't have an up-front connection to services.
Ever get picked up by EMS from your local fire department and transported to the hospital? Well, when it happens, expect a bill, and it is a bit more than a normal taxi. And so it should - these services cost money and to expect tax dollars to cover them 100% is not reasonable. That being said, if you don't have the dollars, I have never heard of EMS or another governmental agency not writing it off. The challenge is one of what is reasonable - assume that you think 3 days is reasonable search and rescue - but the state continues for 10 days - what part do you pay for? And if you wan tto call it off early - what does that say? Big can of worms this simple thing can become. But bottom line - you use services, you should pay within reason. That way we can afford to have them when we need them. Hint - check your insurance policy, mine covers this.
I have been to these events, and have experience in "the real world". And what does this event prove? It is an exercise designed to test student groups ability to work together as an IT department from a security perspective, and operational perspective in a simulated real world business environment. I agree theoretically that when you take over a network that has deficiencies that it would be "nice" to be able to disconnect, fix it and then reconnect to the internet - but in the real world, try telling your boss that email will be down, that e-commerce will be down, etc. . . you will quickly learn that the real world doesn't share the techie view of taking things off-line to fix them. So, you have to fix them on the fly. This is one of the most realistic aspects of this challenge - find and fix the security issues, while still keeping the systems up and running and answering management demands (the sysadmin part). Sounds simple until you try - the added dimension of finding and repairing problems while maintaining up-time makes this much harder than they typical CTF game. As for the Red Team chops, can't vouch for any of the regionals, but the finals uses a team that would impress the Defcon crowd, the bosses from China or Korea, and any realistic measure of professional hacker. Why do this: to train students to become better IT professionals when they graduate. And to work as a team - which is necessary in today's business environment. Kudos to all who tried, for in the end, they all are winners.
It really should not come as a surprise that yet another federal agency has decided not to do its job, but only what it wants to do. . . The reality of the situation is simple, the web is becoming a major communications method for the government, and the content will be a lens into the history of the government's interaction with the people. I am actually afraid that this "ignoring the present" is not some form of conspiracy to prevent the recording of history, but more of a case of senior government officials not understanding the world as it is. Not recording the communications of the government to the people, in the form and context of how they were presented is a complete abdication of the responsibilities assigned to NARA and I hope that this story gets the US Congress to intervene and tell teh agency to do its job. Of course, I also hoped that Santa would bring me a new car, and the Easter bunny would bring golden eggs. So, I am ready for another disappointment.
This is an eventuality, and a needed leveling of the playing field. Why should a multi-billion dollar company get a competitive advantage over local businesses? Hate taxes all you want, but hate them fairly, not just those on your local small businesses. If e-commerce continues to grow, and is not taxed equitably with other businesses, this becomes a tax break for the big internet based merchants, and they need it the least. Consider this another play on the idea of a fair tax - one that levels the playing field for all businesses
This is one where bureaucracy has gone awry. . .
I understnad the desire by the State of Texas to regulate a marketplace that has significant opportunities for abuse/legal ramifications. Hence, getting a Private Investigators license makes sense, as does a variety of security consultants. These people can carry guns, can directly interface with the populace and if the wrong characters were introduced to the field, well a lot of bad things could happen to people directly. So, I understand and agree with this form of regulation.
But then, it gets expanded in scope, without expanding the nature of the licenses . . .
Quoting from the Texas Private Security Bureau's http://www.txdps.state.tx.us/psb/docs/psb_opin_sum.pdfpoint paper shows that computer forensics investigators - those that
"For example, when the service provider is charged with reviewing the client's computer-based data for evidence of employee malfeasance, and a report is produced that describes the computer-related activities of an employee, it has conducted an investigation and has therefore provided a regulated service. On the other hand, if the company simply collects and processes electronic data (whether in the form of hidden, deleted, encrypted files, or otherwise), and provides it to the client in a form that can then be reviewed and analyzed for content by others (such as by an attorney or an investigator), then no regulated service has been provided."
clear, huh . . .
and then
"The Private Security Act construes an investigator as one who obtains information related to the "identity, habits, business, occupation, knowledge, efficiency, loyalty, movement, location, affiliations, associations, transactions, acts, reputation, or character of a person; the location, disposition, or recovery of lost or stolen property; the cause or responsibility for a fire, libel, loss, accident, damage, or injury to a person or to property; or for the purpose of securing evidence for use in court. Tex. Occ. Code 1702.104. Consequently, we would conclude that the provider of computer forensic services must be licensed as an investigator, insofar as the service involves the analysis of the data for the purposes described above."
but in a cave to e-discovery (maybe they realized that this would open a big hornet's nest)
"With respect to the statutory reference to "securing evidence for use in court," we would suggest that the mere accumulation of data, or even the organization and cataloging of data for discovery purposes, is not a regulated service."
but, it gets better, later in the same document
"Thus, the industries that are directly regulated are the same industries about which one cannot consult without a license. Because the Private Security Bureau does not regulate software designers, installers, or suppliers, it also does not regulate those who provide consulting services related to computer network security."
This means that for a true computer forensic analyst - sitting in cube, analyzing digital evidence, they must be licensed, probably as a Class A PI, and work for a firm that is also licensed. But if you or your firm does network security work (risk assessments, pen testing, etc.) then you don't need a license.
As a computer security professional, with a PhD in the subject, and hears of experience, I can easily remember numerous risk assessments that also uncovered forensic evidence of separate unauthorized activity - so at what point do I stop and put on my PI hat and uniform?
Texas has made it simple for me - I will continue to consult in Texas, but only to Federal clients, where the state rules do not apply. Until the bureaucrats figure out how to do it right . . . erm, well don't hold your breath, this debate has been cooking for years.