m4iler :debian: :verified_paw: on Nostr: Why don't companies "hire" internal security members to teach other teams? Why does ...
Why don't companies "hire" internal security members to teach other teams? Why does that fall to some poor fuck who has no idea how the org works internally instead of saying "Hey, Keith, we will lend you out for a week for these 5 teams. Get a meeting with them, your other agenda will be taken care of, and maybe you'll get a bonus for it!"
Pros:
People inside know the tools. They will immediately say "We have X available."
They can say no-bullshit answers. "I can see X, but I cannot see Y. Y has to be watched by you."
They may like a bonus to their normal duties. Don't assume every single person in your org will hate a change of scenery. That may be the thing they need to jump out of a rut.
Inevitable cons:
People inside know the tools, but may not know other solutions. When you know what a box looks like inside, why go out of it?
They may get frustrated by dumb questions. I always say there are no dumb questions, but this may not be the case for everyone.
They may like a steady workflow for years to come. That's okay, make it voluntary-first, mandatory/external later.
There are smart people at every single company I worked with. Dedicated people who want a chance to do more, but since corporations think hiring a guy at 320€/day from a different company is better than paying 200€+ for a person already inside, they may never get as high a quality.
Fuck, it took me a month to gain initial access to data I needed! That other guy may take a week and be off to the races, plus there may have been prior contact!
Anyway, just my evening rant not worth the blogpost.