[ISN] Stephen Northcutt is sadly mistaken

InfoSec News isn at c4i.org
Mon Jun 28 05:45:02 EDT 2004


Forwarded from: hellNbak <hellnbak at nmrc.org>
Cc: stephen at sans.org

I am not a US citizen but seeing how this got spammed across multiple
mailing lists and seeing how the Internet is in deed a global thing I
thought I would respond.

> This note is intended for U.S. citizens and is a personal note from
> Stephen Northcutt.  For the past few weeks CERT and SEI, DoD
> government funded organizations, have been purchasing google adwords
> so that when people search for "SANS Training" they see an
> advertisement for CERT/SEI's network manager course.

So the purchase of Google ads by DoD funded organization is cause for
a personal note from the great Stephen Northcutt?  They have a service
to sell so why is this an issue?  Welcome to a capatilist society.  
You have to spend money to make money.  Either that or you need to
sucker a bunch of volunteers to work for free....


> I have a couple of concerns about this.  The first is trademark or
> brand related, when you search for SANS training, you should get
> SANS training.  Other competing commercial training companies have
> also engaged in this behavior and when I have written them and asked
> if this how they want to be remembered by the security community,
> they have discontinued this practice.  I wrote cert at cert.org a
> couple weeks ago and they continue this practice.

So take the millions you have made on the backs of SANS volunteers and
purchase your own Google adds or hell, purchase Google and fix search
engines for all.  Imagine the nerve of a search engine to give other
results when someone searches for SANS traning.  Why doesn't SANS
purchase their own ads?  I mean isn't this how Internet marketing /
Search engine placement is *supposed* to work?


> My second concern is that the government offering the course
> violates the spirit and letter of OMB A 76. "Two of the key
> principles of Circular A-76 has always been that "in the process of
> governing, the Government should not compete with its citizens" and
> that "a commercial activity is not a governmental function."

Commercial activity?  Correct me if I am wrong but isn't SANS a
non-profit?  Has SANS not enjoyed years of government support via
attendance and government targetted events?  Did SANS not once receive
government funding or support?  I read the PDFs you linked to and no
where in those documents does it say that SANS should be the be all
and end all of Security Training.

> My third concern is the amount of tax we pay as citizens. The
> government is in the process of authorizing about 481 billion
> dollars for DoD spending.  The Department of Defense clearly has too
> much money if they can afford to create training that mirrors
> material widely available from SANS, MISTI, CSI, Intense School and
> other training organizations. I believe the money spent on CERT, SEI
> and the Office of the Under Secretary of Defense for Acquisition,
> Technology, and Logistics should each be reduced by at least 10%
> immediately.

Or perhaps SANS can help solve this problem by reducing the cost of
their traning courses.  I mean being a non-profit and all and with all
the volunteer work -- courses should be free.

> I would be honored if you would copy me, Stephen at sans.org.

Consider yourself honored.

> how you would feel if the government decided to compete in a
> disreputable manner with a course that took you months to write,
> SANS Security Leadership. After that, if you disagree with me, I
> would love to hear what you have to say.  So please help me and
> write your congressman and tell them your home address, make sure
> they know you vote and you agree that the government has no business
> wasting taxpayer money competing with a course Stephen Northcutt
> does a better job of anyway.

Unless things have changed in the SANS world over the last year or so,
many of the courses are the work of volunteers -- volunteers for a not
for profit organization.  So competition should not be an issue.  In
fact, eventhough I am not a US citizen, I support the government
spending a little advertising money, perhaps they have noticed your
paystubs and seen the potential of such courses as a very profitable
business model.

The government is doing nothing disreputable at all.  If something as
simple as purchasing search engine ads is disreputable perhaps you
should look at the history of SANS.  Hmmm, Hi pot, this is kettle...
ummmm black!

If SANS cared one bit more about security than their business model
this would be a non-issue.  The more training courses, and the more
knowledge that people can obtain on this subject benifets the
community in general. So there is one more competitor to SANS, that is
how business works.

I leave you with this definition of the word Sans from The American
Heritage Dictionary of the English Language, Fourth Edition

\Sans\ (s[aum]n; E. s[a^]nz), prep. [F., from L. sine without.]
Without; deprived or destitute of.

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

hellNbak at NMRC.org

http://www.nmrc.org/~hellnbak
http://www.vulnwatch.org

"There are voices in my head and they don't like you"

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-


The standard this is my opinion and no one else's stuff applies to this
and any email I send from this address.





More information about the ISN mailing list