Rudy Giuliani appointed Cybersecurity Czar...?

FillAwful Posts: 119 Member

Comments

  • MAC_Addy Posts: 1,740 Member
    Wow. Top-notch Security professional... Yeah.
    2017 Certification Goals:
    CCNP R/S
  • PCTechLinc Senior Member King City, CA Posts: 566 Member
    Geez... And I was REALLY hoping that was click-bait.
    Master of Business Administration in Information Technology Management - Western Governors University
    Master of Science in Information Security and Assurance - Western Governors University
    Bachelor of Science in Network Administration - Western Governors University
    Associate of Applied Science x4 - Heald College
  • Deltrus Posts: 13 Member
    So if it wasn't his qualifications that got him the job, I wonder what it was.
  • MAC_Addy Posts: 1,740 Member
    Deltrus wrote: »
    So if it wasn't his qualifications that got him the job, I wonder what it was.
    Well, heh.. Should you ask?
    2017 Certification Goals:
    CCNP R/S
  • DatabaseHead Posts: 2,328 Member
    He can have his cyber security team search and frisk the hackers.....

    In all seriousness the guy understands physical security/law enforcement..... Not sure how this ties back to his new role.
  • TechGromit Completely Clueless Ontario, NY Posts: 1,847 Member
    Washington has always been more of a who you know than what you know playing field for political appointments. In the past appointees generally knew something about the departments they were heading; many of Trump's appointees make absolutely no sense whatsoever.
    Still searching for the corner in a round room.
  • DatabaseHead Posts: 2,328 Member
    They make sense, he can "trust" these people.....
  • gespenstern Posts: 1,243 Member
    Yeah, kind of poor choice. "Does he even know how to write a shellcode" type of thing.

    Not that it changes things much. Our top intelligence official's email was hacked by a teenager.

    On the bright side he is certainly proficient in physical security and understands criminal psychology and procedural things pretty well.

    Plus, his infamous web-site didn't make cybersecurity claims while it was up AFAIR, it was something about safety, physical security and crisis management type of thing.
  • Mike7 Posts: 1,060 Member
    Infosec covers a wide range of topics at different levels; from management to policy to engineering. Joomla 3.1.1? Hope he gets engineering folks in his team. A few pen testers will help. Anyway, the site is not accessible as there are no DNS records.

    FWIW, my local ISC2 chapter website was on a Joomla version that went EOL 2 years back; Joomla 2.X to be exact. They installed WordPress in a separate folder on the server, redirected users to the WordPress site but chose to disable WordPress's auto-update feature. So the site had an old version of WordPress and an obsolete version of Joomla. They eventually re-enabled WordPress auto-update after I highlighted it to their board but still leave the old vulnerable Joomla files on the server. Some of the board members have multiple infosec certs such as CRISC and CEH. One reason not to join the local chapter.
  • Remedymp Posts: 834 Member
    John McAfee turned down the position and thus, this was the second best candidate.
  • CCNTrainee Posts: 213 Member
    Let the good times roll...
  • the_Grinch Posts: 4,123 Member
    Got into a huge debate with a buddy about this, mainly because they're planning to do the same thing the past two administrations have done. My argument is they start a committee and then come out with standards that should be implemented. The problem? They say the same thing over and over then at the end of the day we are in the same place. Oddly enough if you implement the standards they set out numerous times before you will be about 80% to where you want to be. The biggest issue is this, anything they implement has no teeth. In most cases the government can't tell a company how to run their business. Also, if the past is any indication, they won't have an agency that can levy fines or some form of sanctions for cybersecurity failures. Finally, even if they implement some form of regulation either the lobbyists will get it so watered down that it will be ineffective or they'll write it so poorly that it will be out of date by the time it's finished.

    Then there's the question about who he chose to appoint to head it up. Pretty sure I haven't heard Giuliani ever speak about cybersecurity and now he's heading it up? Good lawyer, but don't think he's the best choice for this position. I mean he has Thiel, wouldn't he have been the better choice, if the administration was really concerned about cybersecurity?

    Ultimately we know how we should be securing our systems, but per the typical crap we deal with we end up making exceptions that cause us problems. Partially it is our own fault because in IT we are very often the department of no and then other departments will go around us. Executives want what they want and more than likely won't know technology thus won't see the security issues with their requests. I expect to see more of the same with this committee and little change.

    Finally, we continue to lower the amount of money we spend on education. It truly amazes me that even in the government they want security, but aren't willing to train people. The biggest issue I see in that realm is that they train people and due to low salaries they take that training and run. Thus they don't offer to send people to training and then wonder why they have problems. But if they did fund training and require an agreement to stay for a period of time and showed them the quality of life (work/life balance is something we don't think about when we're young, but is pretty important) they would probably stick around. Ultimately you have to accept a little melt in order to be in a better position.
    WIP:
    Python
    Java
  • Russell77 Posts: 161 Member
    Going to school at Drexel I am surprised you overlooked one of the great insider hacks. Giuliani Partners was hired to clean up but as you predict in this case things were never implemented.

    "Whether clients of Giuliani Partners hired the firm for its work or for its name has been an issue more than once, even in the case of the National Thoroughbred Racing Association, which Hess cited as one of the firm's successes.
    In that instance, the industry group hired Giuliani's firm three weeks after an insider had rigged wagers on the Breeders' Cup and held all six winning tickets in the Pick Six, creating a $3 million payday. "Giuliani had a huge name," recalled Frank Angst, a senior writer at Thoroughbred Times. "People trusted that he would help the industry get its act together."
    Angst said it soon became clear the association's intention for Giuliani's firm was less about finding security upgrades than it was about recovering horse wagering's reputation. Nine months after being retained, Giuliani Partners helped the racing association produce a lengthy report on the security issues facing the industry, making three major recommendations for protecting the wagering infrastructure. The industry group, however, has yet to fully adopt any of the recommendations, according to Angst. An association spokesman declined to comment and would not disclose how much Giuliani Partners was paid."

    Giuliani Partners Has Made $100M Off Of Rudy's 9/11 Fame | 911Blogger.com
  • the_Grinch Posts: 4,123 Member
    Interesting, never saw that story before.
    WIP:
    Python
    Java