Most of us fall somewhere in this scenario, be it the consultant, the organization hiring the consultant or the techie in charge of mitigation... either way, this article will hopefully spark the conversation and sharing of your experiences.
Permalink:
[Article]-The Security Consulting Sugar HighBy Todd KendallIt seems pertinent during this time of year, as I finish off the last batch of left over christmas cookies, some peppermint bark, and a large glass of eggnog, to talk about a phenomenon known as the sugar high. I’m talking about the high one gets after consuming large amounts of sugar, also called a "sugar rush." Sugar highs cause twitchiness, spasms, and hyper excitability. Sugar highs do not last very long and leave a person feeling drained afterwards.
1As an IT Security Consultant I have had the opportunity to work with a variety of organizations over the years, often on multiple occasions and on multiple projects that stem from Security Policy Development, Gap Analysis, Penetration Testing, and in some cases Incident Response and Forensics. When you work with organizations in this capacity it is difficult not to develop personal relationships over time, and, as any good consultant will tell you, you want to gain a “trusted” relationship not only from an ethical point of view but also from a capitalist point of view. Let’s face it, more trust, means more business.
Like any relationship, you may find yourself in a position at some point where you simply have to tell the other party that they simply aren’t listening. Despite all of the times you have had the same conversation, and they swear up and down to take your advice.
Looking forward to the war stories,
Don
OSCP - Offensive Security Certified Professional : Failed my first attempt at the OSCP exam
