
about frank wannabe wallaby willoughby



Hello Folks,

I couldn't resist putting in my $0.02 about Mr. wallaby.  Since I'm
about to slander (or is it libel?) him terribly, I'm sure you'll
understand why this is anonymous.

I work for the same "corporation" that wallaby used to work for.  In fact,
I even work in the same country where he was "stationed".

I don't know how things are in other subsidiaries of the corporation,
but in this country, security is considered a "siding" (an unused
stretch of railway where useless, worn out, or otherwise unwanted cars
are put to rust), used to occupy people of lesser ability,
intelligence, motivation, whom the company can't fire. This was
certainly the case with wallaby.  His favourite sport was marching over
to some very productive group and demanding that the server on which
the group worked immediately be pulled from the network for some
nominal transgression, such as having a 'guest' account or some such.
He was well known for this.  So much for "virtually non-intrusive". Ha ha.

Frank (expletive deleted) Willoughby recently (about 1.5 months ago) wrote:

> Thanks for the benefit of a doubt.  As the last sentence seems to be 
> directed to the companies who have experienced ISOs, I'll answer for 
> Fortified Networks.
> 
> In my particular case, I used to work for a subsidiary of a multi-
> billion-dollar international high-tech corporation as the (nationwide) 
> Information Security Operations Officer.  The size of the subsidiary 
> was 3K+ systems & 6K+ employees.  Some of my duties included: 
> 
> o responsible for ensuring the compliance of all internal systems to 
>    corporate policies & standards (many of which I helped write).

I can only venture the guess that wallaby was allowed to insert the odd
article ('a', 'the')  into the document, with the possible exception of
the intrusive, useless, only-good-for-putting-a-check-mark-next-to-
the-host-in-question policies.  I could easily believe that wallaby was
responsible for all of these.

> o central infosec security/technical approving authority for all 
>    electronic connections from that subsidiary to the "outside world" 
>    (avg. over 120/yr)

Yes, indeed, wallaby was Mr. Responsible when it came to making these
decisions.  Result: after filing report after report and filling out
form after form, explaining business impact, how important it was to
project XYZ that employee ABC be able to log in over a 300 baud line
once a month, the answer was NO.  Then it had to be escalated to the
'Mother' corporation, where, occasionally, wallaby was overruled.  He
was good at saying No.

> o penetration testing of internal systems
> 
> 
> While I was there, we achieved and sustained the *highest* level 
> of measurable information security of any country in the world.  
> This compliance streak continued for over *continuous* 4 years.  
> While I was there, we withstood numerous hacking attacks and never 
> had a successful breakin.  Also, when we were audited, we had 
> results that were "Excellent" and "Best of Class".  BTW, this has the
> added benefit that the auditors then left us pretty much alone 
> and spent their efforts on subsidiaries whose level of compliance 
> wasn't quite as high as ours.  
> 
> The above results were achieved by integrating good infosec at all 
> layers of the company.  The result was a very high level of security 
> awareness which resulted in the above statistics.  The employees were 
> genuinely interested in ensuring that their systems were secure and 
> were proactive about infosec.  They did not hesitate to call me if 
> they thought there was something that looked suspicious.  

This is simply a fairy-tale.  I was one of the 'employees' and I
promise you, it wasn't the way wallaby makes it out to be.  Security was
never that bad in the company, but its quality was almost
completely unrelated to wallaby's efforts.  He shamelessly inflates his
influence, power, credibility, and respect.  We loathed him. He may
have been good at kissing his boss' ass.

> 
> When an employee was proactive and reported something, I would send 
> a mail to the employee's manager (cc the employee) received an "attaboy" 
> memo from me praising the employee for his/her efforts in helping to 
> ensure the continued security of the subsidiary (and consequently, 
> the corporation).  I am certain that this helped people when it was 
> time for job reviews.  I'm a firm believer that those who go the 
> extra mile should be rewarded.  Also, word of this gets around - 
> which helps to further promote high levels of infosec. 

ahh, how we treasured such "attaboys" from frank!

> 
> FWIW, I had the extreme good fortune of working for a brilliant 
> InfoSec officer named Gerhard Oberle (for those who know him).
> IMHO, he was @3-5 years ahead of where the corporation was going 
> with infosec (and that corporation was @3-5 years ahead of where 
> most companies are with infosec).  I learned a *lot* from him in 
> the 2 1/2 years I worked for him (before he left the company) and 
> make an effort to teach others about infosec from the things he 
> taught me as well as the benefits of my own experience.
> 
> The stuff I mentioned earlier (and is on FNI's home page) about
> helping companies achieve high levels of infosec which are highly
> secure, user-friendly, virtually non-intrusive to business operations,
> and as inexpensive as possible - isn't hype.  It *is* possible 
> (as illustrated above) and it is one of our specialties.  
> 
> If you are interested in having your company receive the benefits 
> of our experience & achieve similar results, give me a call at the 
> number below.
> 
> Best Regards,
> 
> 
> Frank
> 

VERDICT: incompetent

--****ATTENTION****--****ATTENTION****--****ATTENTION****--***ATTENTION***
Your e-mail reply to this message WILL be *automatically* ANONYMIZED.
Please, report inappropriate use to                abuse@anon.penet.fi
For information (incl. non-anon reply) write to    help@anon.penet.fi
If you have any problems, address them to          admin@anon.penet.fi