L. Taylor - February 16th, 2000

The creation of @Stake, a new security venture, has taken the hacker group known as the L0pht under its wing as their Research and Development division. Who are these beacons of the security un derground? Will they put Trojan horses in your network and divert your payroll to their own bank accounts? Should you trust them? What would your mother say if you hired a hacker?

Due to the huge information security compromises that eCommerce sites and Internet Portals have been experiencing, network and system security exposures have become increasingly important i n the world of information technology. With an increasing amount of security exposures on the horizon, we predict that the market for security consulting services, still in its infancy, will exceed $2 billion by 2002. Considering the expanding market, Ba ttery Venture's recent investment in the L0pht in the formation of @Stake is simply good business.

@Stake is a new type of security consultancy, at least from a marketing perspective. From a delivery perspective, @Stake/the L0pht has been securing networks for corporate America for years. Last year, the L0pht audited an eCommerce si te for one of the biggest financial institutions in the world. This site continues to withstand on-going Denial of Service attacks and routine network attacks and has yet to be compromised. With that in mind, we think that @Stake is a viable organization to examine when evaluating security outsourcing vendors, along with Ernst & Young, Deloitte & Touche, and Arca Systems .

When it comes to hiring consultants, what is typically most important to IT decision makers is the deliverables that can be achieved, and the timeframe in which it takes to produce them.

Before hiring any security consultancy, make sure you understand what deliverables you are looking for before signing any purchase orders or contracts. Are you looking for an Architecture Plan, a Service Level Description, or a Network Vulnerability Assessment?

If you have any doubts about a security consultancy's capabilities, ask them for references that include names and phone numbers.

If you do hire @Stake, don't worry, they won't show up in ski masks. Oh, and don't forget to ask to see the lock-picking demo.