Friday, July 6, 2012
I've been told more than once that "there are an awful lot of hacks in the information security world". Sadly, this is to be expected, particularly in recent years as people have begun to see dollar signs when they hear the phrases "cyber security" or "information security". Unfortunately, the number of people who say they know how to perform network forensics/network traffic analysis is far greater than the number of people who actually know how to perform network forensics/network traffic analysis. Many people talk a good game with multiple certifications, all the right buzz words, a polished resume, and a smooth social networking profile. It's definitely a buyer beware market on the customer's end, particularly since there is more demand for the skill set than there are people with the skill set. So what is a customer to do to avoid hiring a phony? Find someone, even just one person, whom you trust, and whose work is of the highest caliber, even if they're not working for you. Per my previous blog post "Peer Respect", the community of analysts is a close knit one. I'm sure any trusted member of the community would be happy to share an honest opinion if they have one.