How to recognize untrustworthy computer security companies

A blog post on Bruce Schneier’s personal blog brought to my attention a video commercial from someone who is arguably the worst representative of the computer security industry.

See the video here. But be warned, the company that put out the ad wants you to Be Afraid. Be Very Afraid. (The link to the video does not go to the company mentioned.)

So, how to tell a bad IT guy from a good IT guy? The bad ones are the ones who speak in hip-hop gangsta language, or who respond to email correspondence like this:

“(name of emailer) you are a fucking joke!!!!! You have been doing pen tests for 6 years. I have been doing them for 27 years. I have been in business for 20 years doing it. I wrote 8 books on security. I have contracts with government agencies. I will challenge you and anyone who wants to go up against me. We can put up $1 million each and have the proceeds go to charity. If you don’t have a $1 million lying around then you are not a real hacker. 6 years is a joke. You are still a rookie!!!!!!! Now I am calling you and everyone else out!!!!!”

Also, the bad ones are the ones who try to frighten you into buying their product or hiring their services.
I think that’s called a protection racket.