Is hiring hackers worth the cost?

  1. #1

    Is hiring hackers worth the cost?

    http://techupdate.zdnet.com/techupda...856786,00.html

    I think it IS worth the cost, especially these days....BUT THE COMPANY HAS TO STAY CURRENT AFTERWARD

  2. #2
    KorpDeath (Priapistic Monk) | Join Date: Dec 2001 | Posts: 2,628
    It's worth it but that doesn't mean the people with signing privileges will sign off on that. IT is seen as a waste of money. You pay into it and see no real ROI, as far as CIO and Finance people are concerned. It's always pissed me off that IT is put under 'finance' if the company doesn't have a CIO, or V.P. of IT. Since when do beancounters know technology? If they all had their way we'd have to print EVERYTHING out. Cause it's real until it's on paper....ignorance.
    Mankind have a great aversion to intellectual labor; but even supposing knowledge to be easily attainable, more people would be content to be ignorant than would take even a little trouble to acquire it.
    - Samuel Johnson

  3. #3
    linuxcomando (Senior Member) | Join Date: Sep 2001 | Posts: 432
    Well if you spend a total of 20,000 dollars for a hired hacker and he fixes all your bugs and glitches, tells you what you need and then implements it. But that saves 25,000 dollars worth of data...well you do the math.

  4. #4
    Senior Member | Join Date: Sep 2001 | Posts: 150

    In reply to KorpDeath

    Actually, I find it pretty good having IT under the VP of Finance here at my office. All corporate spending goes thru the Finance guys, and it's best to have them part of our department because they're a great ally. We get more than our fair share of funding because the IT director gets to ask the Finance VP directly for the cash needed to run our toys.

    If IT was a full department of their own, you could imagine having to wrangle with finance just as if you were another department (engineering, quality, etc).

    Just be glad most of us aren't under engineering or we'd never be getting proper funding for projects.

  5. #5
    souleman (AntiOnline Senior Member) | Join Date: Oct 2001 | Location: Flint, MI | Posts: 2,884
    I just found this link regarding the spending on security. A real world ROI.

    http://www.cio.com/archive/021502/security.html
    "Ignorance is bliss....
    but only for your enemy"
    -- souleman

  6. #6
    Member | Join Date: Mar 2002 | Posts: 88
    If You Look At Microsoft/LINUX As A Car Once We Have Purchased Our New
    Vehicle/OS Like Everyone Else After We Get It Home Can't We All Open
    The Hood/Binaries To See What Makes It Tick?
    Would A Unique Yet Compatible OS Thwart Any Security Breach Or
    Does The Security Compromise Always Come From Communication Protocol?

  7. #7
    TechieChick (Guest)
    I disagree with the hire them because they're hackers mentality. I do agree with hiring someone because of their abilities.

    Let me clarify.

    I have an issue with hiring some kid off the street just because he/she got press about his/her latest exploit or attack. The reason for this is if you hire someone to perform penetration testing upon your network you need to be able to trust them. If the trust isn't there then you can't allow the proper access in order to perform the testing nor can you allow them to work unsupervised. You end up monitoring the tester and that's not truly possible if your tester is as good as they should be. A truly good tester will be performing zero day attempts and hitting you supposedly where you don't know your vulnerabilities are so watching them 100% of the time just isn't feasible.

    Ok...now that I've said that and I've braced myself for the flame barrage I'm sure to get I have to next say I agree with it. As we all know security is only as good as its weakest link and finding that hole is essential. The level you take it to is dependent upon the data you're protecting and the resources available to you for spending. I could go off on a whole different tangent here about if you can't afford to protect your infrastructure properly then you should close up shop but I'll resist temptation.

    Now, if you get authorization to spend the dollars, you need to do several things minimally:
    Get references
    Talk to the person doing the testing directly
    Ask what methods they plan on using and ask what they plan on implementing to limit unintentional damage to the network.
    Ask what they plan on doing with the data after they are finished testing.

    Personally, and this hasn't been tested in a legal sense yet as I've not had my hind end hauled into court yet but I have everyone involved sign a contract. I promise not to reveal details of anything discovered except to authorized personnel, not to destroy or release data and adhere to the times set up for testing only.

    Oh....and get cash in advance.

    Sorry for the ramblings here....got a bit long winded...

    TC

  8. #8
    Senior Member | Join Date: Jan 2002 | Posts: 883
    Originally posted here by TechieChick

    Talk to the person doing the testing directly
    Ask what methods they plan on using and ask what they plan on implementing to limit unintentional damage to the network.
    Ask what they plan on doing with the data after they are finished testing.

    Personally, and this hasn't been tested in a legal sense yet as I've not had my hind end hauled into court yet but I have everyone involved sign a contract. I promise not to reveal details of anything discovered except to authorized personnel, not to destroy or release data and adhere to the times set up for testing only.
    I couldn't have said it better myself. I always have a non-disclosure agreement drawn up between myself and the client when I do network security checks. It protects me and them. Also, if I hire any help for "ANY" job, I require at least three business references (not personal), of known companies in the area (or elsewhere depending on location). I always do a background check and, depending on age, I check the high school they came from. You would be amazed at what you can find out from a school about a prospect.

    So no flames from me TC. I think you hit it on the nail. I would NOT hire some k1dd13 to work for me because he hacked AOL.

    Just my $.02 worth.
    The COOKIE TUX lives!!!!
    Windows NT crashed,I am the Blue Screen of Death.
    No one hears your screams.

