Wednesday, November 19, 2008

Why is security so taboo?

I've often wondered why it is that so many clients seem to feel ashamed when asking for help with IT-security projects. I've been on the client side of the desk for almost 10 years and on the consultant side for 10 years. What never ceases to amaze me is the number of clients that have no problem asking for help in Active Directory design, SAN optimization, or getting their BGP connections to an ISP up and running but completely choke when asking for a penetration test or vulnerability analysis. Can somebody tell me the difference?

It's almost as if the clients somehow feel less "masculine" when asking for help on security-related topics. I can't count the number of times that clients make such a big deal about keeping the whole process hush-hush. You might think that a company that actively cares about security and takes a proactive approach would be applauded. Unfortunately, in this society it appears that approach indicates weakness. Is it somehow related to the male component of society that feels like they must be in charge, taking care of their woman and family without needing help? Is that why so many men drop dead of heart attacks?

I've always said the bad guys will always have the upper hand because they share things they learn. The good guys keep everything a secret; heaven forbid that somebody finds out they were compromised. The lessons they learned could be useful to another company, but that information will never see the light of day. But on the other hand they have no issue paying out large sums of money to useless CXOs, asking the government for a bailout and generally exhibiting poor management skills.

Go figure.

Monday, November 10, 2008

Death of an Icon

Like many people, I wasn't shocked by the recent announcements of Circuit City. Having worked there during the heyday of the early '90s, I could see the writing on the wall a long time ago. I started there in July of '93 and worked there until January '97. I then worked at DiVX from January of '97 until April of '98. When I first got there I realized that this place was the coolest place to work in town. Capital One hadn't started sucking all of the good people away yet. I worked in IT and came to become part of a group of guys that are still around in Richmond IT, although scattered to the four winds.

Our group was extremely tight, closer than many families. Everyone knew that if you picked on one you had the whole group to fight. We even had the nickname of "LAN GODS". I told everyone during those years that they would have to pry the keyboard out of my cold, dead hands to get me to leave. That was, of course, youthful ignorance talking, as in later years corporate (and others') greed began to seep its way into things. Promises were broken, shady things began to happen and overall it became a lot less fun to work there.

When DiVX came along I jumped at the chance to try something new. I had helped from an IT perspective to start CarMax, Answer City and other failed opportunities like the home security, furniture and other ventures. I bought into DiVX hook, line and sinker. Again, it was a very cool job and I worked with many great people. The problem came when I found out that the major studios had gone back on their promises of releasing "DiVX-only" formats. As soon as I heard that I began looking for a job. Of course, I got the traditional "you're not a team player" speech. Six months after I left, DiVX folded... you tell me.

I wish I could say it was surprising that CC has imploded in the last 10 years but it isn't. Even when I worked at CC I wouldn't shop there. When you went into a store it was so loud with rap music blaring from the car stereo section you could barely hear. You would look around for someone to help and find them all crowded around just talking to each other. Honestly, like a lot of people I would do my shopping online at Crutchfield and then go buy what I wanted from Best Buy. The only time I shopped at CC was in the early days when they used to let employees buy at cost. Once that went away I stopped shopping there altogether.

I feel bad for some of my old friends who have remained there for these past 10 years. I know lots of people who left and came back several times. Others went to more stable jobs at Capital One, the Federal Reserve and now VITA and Northrop Grumman. I have many opinions on why this happened but I think I'll keep them to myself.

RIP.

Monday, November 3, 2008

Ah, the good old days

I saw in the Internet news that this weekend marked the 20th anniversary of the Morris worm. I guess most people reading that didn't have a clue as to what it meant or the significance of the event. It was, by most accounts, the beginning of the "security problem" on the Internet. I remember that day very well. I was a "newbie" network engineer at VCU in Richmond, VA. I remember things slowing down on the Internet and then stopping almost altogether. It wasn't until several days later that we found out that some goober had turned a "worm" loose. What the heck was that?

Well, 20 years later many things have changed and some things haven't. There are still many goobers turning worms loose on the Internet. Even the current Microsoft generation knows about them, unlike their predecessors 20 years ago. I feel honored that I was around back then and am still around today. I wonder what types of things will be turned loose on the Internet in another 20 years?