Write Lightning is a blog from writer Deb Thompson.
Everyone is welcome here.
(Some links or topics may not be completely kid-appropriate.)
Everyone is welcome here.
(Some links or topics may not be completely kid-appropriate.)
Thu, Jul 31 2008
Security is more about people than checking badges, monitoring access and restrictive passwords.
Being married to a man who has worked in several technology and engineering jobs in the last few decades has taught me that most companies spend a lot of time monitoring how much work employees do as opposed to how much security employees provide. There are exceptions, of course. But I have noticed how easy it is to interact with folks who work in high-tech positions. Many are eager to share their knowledge and many work such long hours that they welcome a chance to chat. They also tend to assume that the spouse of an engineer has a lot of understanding about high-tech topics and already knows all about the politics of a company. For most positions this would present little security risk. But if you work in certain industries you could be inadvertently be speaking to a non-technically proficient person while others with ill motives are hanging on every word.
And it isn't always about technology. When there is a high concentration of workplaces in a given neighborhood, all one would have to do is go to lunch at one of a few cafes and keep one's ears open to know a lot about office politics. It's very common for people to get together with colleagues (or former colleagues from other nearby workplaces) and have a gripe session over their sandwiches. I've always thought that the high-tech sector is a lot like Hollywood when it comes to the tendency to work with the same people again and again. That boss you pick apart at lunch today could be the boss you have to face again at another company a few years down the road. Everybody knows somebody who knows somebody who knows somebody. This can work for or against a worker in any job, but particularly in Hollywood and in Silicon Valley (or similar high-tech neighborhoods), where jobs are often tied to one's social and former work connections.
Johnny Long refers to a lot of this type of behavior in his book, No Tech Hacking: A Guide to Social Engineering, Dumpster Diving, and Shoulder Surfing
.
I noted that reviewers at Amazon pointed out sections of the book that seem to
contradict other sections and put the reader at a loss as to what to actually
do in certain situations. But isn't that the point of such discussions? While
companies and individual workers are busy trying to cover one security issue,
two or three other issues are creeping up on them in the most unexpected places.
posted at: 07:19 | category: /Miscellaneous | link to this entry
Being married to a man who has worked in several technology and engineering jobs in the last few decades has taught me that most companies spend a lot of time monitoring how much work employees do as opposed to how much security employees provide. There are exceptions, of course. But I have noticed how easy it is to interact with folks who work in high-tech positions. Many are eager to share their knowledge and many work such long hours that they welcome a chance to chat. They also tend to assume that the spouse of an engineer has a lot of understanding about high-tech topics and already knows all about the politics of a company. For most positions this would present little security risk. But if you work in certain industries you could be inadvertently be speaking to a non-technically proficient person while others with ill motives are hanging on every word.
And it isn't always about technology. When there is a high concentration of workplaces in a given neighborhood, all one would have to do is go to lunch at one of a few cafes and keep one's ears open to know a lot about office politics. It's very common for people to get together with colleagues (or former colleagues from other nearby workplaces) and have a gripe session over their sandwiches. I've always thought that the high-tech sector is a lot like Hollywood when it comes to the tendency to work with the same people again and again. That boss you pick apart at lunch today could be the boss you have to face again at another company a few years down the road. Everybody knows somebody who knows somebody who knows somebody. This can work for or against a worker in any job, but particularly in Hollywood and in Silicon Valley (or similar high-tech neighborhoods), where jobs are often tied to one's social and former work connections.
Johnny Long refers to a lot of this type of behavior in his book, No Tech Hacking: A Guide to Social Engineering, Dumpster Diving, and Shoulder Surfing
.
I noted that reviewers at Amazon pointed out sections of the book that seem to
contradict other sections and put the reader at a loss as to what to actually
do in certain situations. But isn't that the point of such discussions? While
companies and individual workers are busy trying to cover one security issue,
two or three other issues are creeping up on them in the most unexpected places.
posted at: 07:19 | category: /Miscellaneous | link to this entry
