Thus far, I have spoken of the old and new skill sets in security. The Hacker was the typical security analyst of the late 1990s era, as described in Chapter 2. In Chapter 3, I introduced the checklists and standards evangelist (CASE) paradigm-and it was this phenomenon that replaced the Hacker ethic in security service provision and end-user information risk management. The CASE is a skill set as deployed in security today. It can be technically oriented in that they do have IT skills, but the actual practices of modern-day security departments are mostly nontechnical in nature.