Whenever there is a meeting to talk about say, Windows servers, the discussion is left primarily to the subject matter experts when dealing on a technical level. The same can be said of application development et cetera. So, why is it that when the discussion ultimately circles around to security that everyone in the room thinks that they know more than the security wonk?
I have had the distinct displeasure at a former company to sit in a meeting where the CTO said that UDP was a more reliable transport than TCP. He followed by telling me that telnet was a secure method of communication. Thankfully my coworker had the foresight to chain my to my seat and to jab a syringe filled with some sedative into my leg.
This is an example of why I refuse to be intimidated by anyone simply because their business card has a lofty signature. I do find it an interesting social experiment however. Why do people feel it necessary to tell me about the computer virus that they had on their Windows 98 machine when I’m at a Christmas party? Not that I have a problem discussing it. But, they feel it necessary to cross swords with me rather than discuss it. My first thought is “Well, hell. You asked me.” but, that gives way to a more diplomatic approach. I try to steer the conversation in such a manner that the initiator feels they have made their point.
Very curious.
[tags]Secuity SME, Security Education[/tags]