I don't know of anyone out and out fired but the scam seems to be - do a vuln assessment/pen test/whatever, then sell their great outsourced security/firewall/ids/all of the above.
What gets me is this - sure these companies probably have some competent (notice I didn't say great or good) engineers - BUT - does anybody really think that the guy looking at the IDS console at 4am is really a highly trained security engineer? Not in my experience.
Also, risk of disgruntled employees at these places is very real - think about it - any number of people may know your passwords, be able to access your IDS/firewalls, etc. What is their security like, hmmm?
Slashdot Mirror
I don't know of anyone out and out fired but the scam seems to be - do a vuln assessment/pen test/whatever, then sell their great outsourced security/firewall/ids/all of the above. What gets me is this - sure these companies probably have some competent (notice I didn't say great or good) engineers - BUT - does anybody really think that the guy looking at the IDS console at 4am is really a highly trained security engineer? Not in my experience. Also, risk of disgruntled employees at these places is very real - think about it - any number of people may know your passwords, be able to access your IDS/firewalls, etc. What is their security like, hmmm?