re: #655 Kragar (Proud to be Kafir)

Contractor

If your client is a government agency you should know that computer security in most government agencies has almost nothing to do with how secure the networks are.

It’s all about audits.

And audits are all about paperwork. If the paperwork is in order then the agency passes the audit and the security manager gets a good performance review. And all is happiness.

Penetration tests and network scans are done so that the appropriate boxes can be checked off on the all important paperwork.

And if the boxes are checked then the paperwork is in order, and if the paperwork is in order then the agency passes the audit.

It’s the “Radar O’Reilly” method of network security…