Brian: DON'T focus blame on "consultancy".
The management style you lambaste is prevalent to the point of being pandemic. The problem is NOT lack of accountability, it is rather one of "to whom are we accountable?"
My products are NOT reviewed by geeks, theorists, and techno-pedants. My products are accountable to testers who are accountable to marketing who are accountable to stock holders and well-drillers and factory owners.
They want a profit product, not a perfect product.
"Good, fast, cheap; pick two" says it well.
--the *other* pedantic Brian--
Brian Brunner brian.t.brunner@gai-tronics.com (610)796-5838
thebs413@earthlink.net 11/17/05 01:08PM >>>
Peter Farrow peter@farrows.org wrote:
running a consultancy business where time is money, tunring it off and configuring as we always did before represents
Consulting is why the IT infrastructure and security of this country has gone to crap. There is no accountability. There is only the pressure to complete things in unrealistic timeframes.
Sound security policy has been put out-the-window by consulting, support non-sense, etc... You have to "tear it down" so you can "dumb it down" for people. And it happens in the most crucial of our nation's networks.
Why? Consultants aren't accountable in most cases. And that's typically because the clients want it done now.
******************************************************************* This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager.
This footnote also confirms that this email message has been swept for the presence of computer viruses.
www.hubbell.com - Hubbell Incorporated
"Brian T. Brunner" wrote:
it is rather one of "to whom are we accountable?"
I'm accountable to myself.
I know I shock people, but if I'm to blame for anything, I'm the first to admit it. I don't hide behind things, and I have refused to do things before. And I've been let go by a client for it too.
I'm accountable to myself at all times.
On Thu, 2005-11-17 at 12:29, Bryan J. Smith wrote:
"Brian T. Brunner" wrote:
it is rather one of "to whom are we accountable?"
I'm accountable to myself.
I know I shock people, but if I'm to blame for anything, I'm the first to admit it. I don't hide behind things, and I have refused to do things before. And I've been let go by a client for it too.
Accepting the blame remotely isn't quite the same as working at the same place for a decade or more and having to live with what you built. Your rants on the side of security vs. convenience would be more believable if you added that you did all of your own work under such conditions and planned to continue for the foreseeable future.
Les Mikesell lesmikesell@gmail.com wrote:
Accepting the blame remotely isn't quite the same as
working
at the same place for a decade or more and having to live with what you built.
If I hadn't left my first salaried job years ago, I'd probably still be there. I was there 3 years and _did_ have to live with what I built. I made 2 major mistakes in that time, and accepted full responsibility.
That was in the aerospace industry. At the time, there were 7 dead astronaunts, so I don't play CYA games. Unfortunately, many people still do -- as well as political games -- and that's why there are 7 more dead astronauts.
But yes, since then, I've found a niche as a contractor.
Now I will readily point out that I get _repeat_ business over the years from the same, past clients -- including my former employers where I held salaried positions. Two clients are large, Fortune 100** companies.
[ **Oh God, I know someone's going to complain about credentials yet again. ;-]
In 1 case, I left over something, and then was brought back later in a serious admission of "yes, you told us so."
Your rants on the side of security vs. convenience
What "rant"? I've seen other people who have the same position *I*. ;-> Don't confuse what some others have said from _any_ viewpoint with what I have said. ;-> I have continually stated that there are reasons for SELinux, and I don't agree with the "absolutism" of _either_ side.
But RBAC/MAC is a necessity that you can't ignore. And if you're waiting for the fantasy that it won't break things, then you're living in the same fantasy world that a deny all outgoing policy default on a firewall "just works." ;->
would be more believable if you added that you did all of your own work under such conditions and planned to continue for the foreseeable future.
So until then, my statements don't hold any merit? My rant _was_ about contractors and their clients. All my former clients hold me in high regard -- and I still consult for every former employer I had a salaried position with (one was for 2 years, another was for 3 years).
Please don't belittle my statements. I was trying to offer insight. I'm glad people can find positions for 10+ years. With exception of my very first, salaried employer, I've been in post-2000 rut of employers who just don't have openings.
-- Bryan
P.S. SIDE NOTE: I started my first salaried position I currently hold now 2 months ago. It's a small company and I could be gone tomorrow because of budget constraints. I do more engineering now, and I have left the IT consulting world for a time. But I still help former clients when I can. Since our systems are used to secure emergency communications, security is the natural part of our products.
On Thu, 2005-11-17 at 12:54, Bryan J. Smith wrote:
Please don't belittle my statements. I was trying to offer insight.
Just trying to put them in context. Extreme measures like separate disconnected networks are appropriate for some small number of people and places. For the rest of the world, that and other expensive, time consuming measures have to be balanced against productive uses of that money and time. The company where I work probably wouldn't have survived without very low-budget computer services that did not interfere with our developers' ability to make rapid changes. We are now part of a larger company with more resources and have replaced some equipment and procedures where it makes sense now that the context has changed but there is still always a tradeoff between how much security you add and how much it interferes with your work.
Bryan J. Smith wrote:
Les Mikesell lesmikesell@gmail.com wrote:
Accepting the blame remotely isn't quite the same as
working
at the same place for a decade or more and having to live with what you built.
If I hadn't left my first salaried job years ago, I'd probably still be there. I was there 3 years and _did_ have to live with what I built. I made 2 major mistakes in that time, and accepted full responsibility.
That was in the aerospace industry. At the time, there were 7 dead astronaunts, so I don't play CYA games. Unfortunately, many people still do -- as well as political games -- and that's why there are 7 more dead astronauts.
Oooohhhhhh, *ROGER THAT* !!!!
-
Brian T. Brunner -
Bryan J. Smith -
Les Mikesell -
William A. Mahaffey III