How Sarbanes-Oxley changed the information security profession




Melting Pot
by Dennis Fisher
Seems like everyone who was anyone worked at one time for @stake.

For talented security engineers, hardware and software hackers and researchers, there was no cooler place to work in the early part of this decade than @stake. The seminal security consulting firm at one time or another employed just about every top researcher in the field. Dave Aitel, Joe Grand, Chris Wysopal, Peiter "Mudge" Zatko, David and Mark Litchfield, Dino Dai Zovi, Dave Goldsmith, Brian Oblivion and dozens of others spent time at @stake.

In 2000, 2001 and 2002, when money was flowing and the company could barely hire consultants to keep up with the demand for its services, @stake was on top of the security world. The deep talent pool attracted other smart people and @stake cultivated a casual, hip image and allowed employees to work on interesting, challenging projects.

"It really became a cool place to work. It just sort of happened at some point," says Grand, a member of the L0pht hacking collective that formed the foundation of @stake in 2000. "The people there were really open to a lot of different things. It was the place to be. There wasn't a lot of structure."


The presence of guys like Grand, Zatko and Wysopal--all of whom had a lot of credibility in the hacker underground--served as a positive and a negative in the early days. Having them in the office was a definite recruiting tool, but it also caused some uneasiness among customers and potential clients.

At the time of @stake's founding, the members of the L0pht were seen variously as tremendously talented researchers who used whatever methods served their needs, or borderline criminals who flouted the law in the name of fame and fortune. Many critics publicly questioned the wisdom of hiring this group of mavericks to secure corporate networks. The L0pht made no bones about its connections to the hacker underground and was unafraid to force a vendor's hand by publicizing a vulnerability or attack method if the vendor didn't move quickly.


This was first published in January 2008
