What If Job Postings for Drivers Were Written Like Job Postings For Information Security?

A colleague sent a link to an image of a fake job posting that asks "What if drivers were hired like programmers?". I don't see much difference between this and the job postings for infornmaton security.

Job title: Driver

Job requirements: professional skills in driving normal and heavy-freight cars, buses and trucks, trolley buses, trams, subways, tractors, shovel diggers, contemporary light and heavy tanks currently in use by NATO countries.

Skills in rally and extreme driving are obligatory!

Formula 1 driving experience is a plus.

Knowledge and experience in troubleshooting and repair of piston and rotor/Wankel engines, automatic and manual transmissions, ignition systems, OBD systems, ABS, ABD, GPS and car-audio systems by world-reknowned manufacturers is obligatory!

Experience with painting and tinsmith tasks is a plus.

The applicants must have current certificates by BMW, Mercedes-Benz, and Audi.

Compensation: $15-$20/hour but it depends on the interview result.
Education requirements: Bachelor's Degree of Engineering or related discipline.

Helping Business

NIKON D5100_20140820_1735

A recent blog post by security analyst Wendy Nather made me think about how I could use my technology skills to help my community. I’ll let Wendy’s word explain before I got on.

There are a few movements afoot to help improve security, and the intentions are good. However, to my mind some are just more organized versions of what we already have too much of: pointing out what's wrong, instead of rolling up your sleeves and fixing it.Wendy Nather

As I read her short article, I nodded my head in agreement. The information security community is good at shaming. We’re good at pointing out where the problems are and offering advisory on what to do about them. We know the computers our kids use at school are unpatched and full of viruses1. We know the technology questions we get from the owner of the local wellness center is because she has no budget for an IT guy. But we do nothing.
Wendy suggested I needed to put up or shut up.

Now, if you would like to take actual steps to help make things more secure, here are some examples of what you could do:
* Adopt an organization near you. Put in hours of time to make the fixes for them, on their actual systems, that they don't know how to do. Offer to read all their logs for them, on a daily basis, because they don't have anyone who has the time or expertise for that.
* Fix or rewrite vulnerable software. Offer secure, validated components to replace insecure ones.
* Help an organization migrate off their vulnerable OSes and software.
* Do an inventory of an organization's accounts -- user, system, and privileged accounts -- and lead the project to retire all unneeded accounts. Deal with the crabby sysadmins who don't want to give up their rlogin scripts. Field the calls from unhappy users who don't like the new strong password guidelines. Install and do the training and support on two-factor authentication.
* Invent a secure operating system. Better yet, go work for the maker of an existing OS and help make it more secure out of the box.
* Raise money for budget-less security teams to get that firewall you keep telling them they need. Find and hire a good analyst to run it and monitor it for them.
* Help your local school district move its websites off of WordPress.
* Host and run backups for organizations that don't have any.

I read that blog post and I started to think that perhaps I needed to find out “how to help” instead of just offering advice. I thought about it for a while. I hesitated because my income is based on consulting. It’s partly based on advisory. Did I really want to give away my services for free?
I love the local business community in the Princeton and Montgomery Township area. I feel it has a “help each other succeed” vibe.

So to cut to the chase. Here's what I'm offering my small businesses colleagues. I am offering my cyber-security expertise without charge to help you secure your systems and applications. I will create an inventory of your systems and accounts. I will patch and upgrade your servers. I will configure them as securely as I can to enable your business. I will help you implement a backup solution against loss of data and service. I will put in the hours to review your system logs to find out if your systems were ever compromised. I'm here to help.

Contact me here.

  1. My brother-in-law has been hit twice by “school work” viruses. 

Weyerbacher White Sun Wit

This is my first time using the suspended or floating object technique. I spent about 30 minutes online researching how to do it in Photoshop. Most of the information I found online was too difficult to understand. Photographer Evan Sharboneau of Photo Extremist created this easy to follow YouTube video that explained it all.

I spent another 30 minutes testing out my technique using an empty beer bottle before attempting to photograph my main subject. I think the results are good for my first try. With practice, I think I'll get better at the floating object technique