[unisog] RE: Outside Penetration Testing and FERPA

Valdis.Kletnieks at vt.edu Valdis.Kletnieks at vt.edu
Mon Dec 6 16:26:52 GMT 2004


> Anderson was reputable at some point in time...) I would certainly agree
> that it would be irresponsible to allow Fly-By-Night, Incorporated to muck
> around a network no matter how many agreements and contracts were in place.

OK.. Would you allow Deer Run Associates to audit your network?  Or
how about JJB Security Consulting?

Does your opinion change any if I tell you that Deer Run is Hal Pomeranz's
firm? Or that JJB is Jay Beale's consultancy? (Yes, *that* Hal and *that*
Jay..)

Who's more likely to actually *know* what they're doing, Hal and Jay or whatever
people the Reputable Firm sends over?  (And it isn't just Hal and Jay either - the
majority of *really* clued security people who are doing consulting are
doing so for their own small firms, not Some Big Name Recognition Place).
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 226 bytes
Desc: not available
Url : http://www.dshield.org/pipermail/unisog/attachments/20041206/9dc73549/attachment-0002.bin


More information about the unisog mailing list