undefined | Better HN

0 pointsnot_kurt_godel12y ago0 comments

I really wouldn't be surprised if this really was the primary reason for firing a security engineer. A person who carelessly compromises sensitive information is someone you want as far away as possible from having access to your security systems, not to mention building them.

0 comments

4 comments · 1 top-level

lmm12y ago· 3 in thread

How is someone's badge security information? Anyone can walk up to the building entrance and see several people's badges on the way, surely security can't depend on keeping those secret.

not_kurt_godelOP12y ago

By that same logic, passwords wouldn't be security information either because anyone could videotape someone typing theirs in at a coffee shop from afar. But, I suspect that's rare because it's really difficult in practice. The purpose of many security policies is to increase the amount of effort an attacker must go through.

BlackDeath312y ago

I don't know of any company that encourages the display of passwords around their employees' necks.

polymatter12y ago

well, depends if you're concerned with security or appearance of security. Security engineers need to do both.

j / k navigate · click thread line to collapse