Security consulting not for the faint of heart
Bob Toxen's new book, Real World Linux Security: Intrusion Prevention, Detection, and Recovery, appeared on store shelves late last year. Toxen, now the president and CTO of Fly-By-Day Consulting, sports a colorful professional résumé with an abundance of highlights: he's the creator of the Sunset Computer, one of the 162 recognized developers of Berkeley Unix, one of the four developers who did the initial port of Unix to the Silicon Graphics hardware, and the software architect of the Netgear ND508 and ND520, as well as of the Kennedy Space Center PC space shuttle payload document network.
We held a discussion with Toxen in ITworld.com's Interviews forum and found out some of the perks and problems of the security consulting business. You can read the complete conversation there; what follows is an abridged version.
ITworld.com: How does the security business work for you, Bob? You obviously have plenty of knowledge that organizations need, but it can still be a challenge working out contractual relations so that everyone comes out a winner. How is security consulting different from other kinds of IT administration, development, or management? Should folks who want to work in the area prefer in-house employment to free agency, or vice versa?
Bob Toxen: The security business works well for me. Certainly, for me as for any consultant, contractual issues are a problem. Even with "ordinary" consulting, I've had to refuse unreasonable contracts and have lost the occasional project because of it. One company, with its corporate attorney still "wet behind the ears", insisted that I sign a new contract for an ongoing project that required me to indemnify them against any lawsuit by any customer over any software that I wrote or modified for them. This means that I would be financially liable even for suits without merit in code that subsequently had been altered by others or that had existing bugs before I touched it. Since the code was an online banking system being sold to large banks, I told the company "no" after I saw the contract. Fortunately, one of the company's founders overruled this lawyer. This has happened a few times since. I tell clients that I do a high-quality job but I'm not an insurance company.
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world
Esther Schindler
If the comments are ugly, the code is ugly
claird
SVG a graphics format for 21st century
pasmith
Take Chrome OS for a test spin
Sandra Henry-Stocker
Solaris Tip: Have Your Files Changed Since Installation?
jfruh
Android fragments vs. the iPhone monolith
mikelgan
What Gizmodo missed about the Pro WX Wireless USB disk drive
Sidekick: The Good News & the Bad News
Either way you look at it Microsoft Data Center management did not follow standards or best practices in this failure. In which case it makes me wonder more about the outsourcing of corporate data much less personal data.
- mburton325
Join the conversation here
Quick, practical advice for IT pros. Made fresh daily.
Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.
