Security Basics mailing list archives
RE: Pentester vs IT security analyst
From: "Brian Fritts" <bfritts () wcmc org>
Date: Wed, 20 Jun 2012 15:30:50 -0500
IT Security Analyst: Overworked, underpaid, former network individual who was shoved into the "Security is the next big thing" area. Individual is usually required to protect Fort Knox with string, bubble gum, and an old paperclip from an unseen army of "Evil Hackers" bent on world domination via your computer network. 90% of the time, those "Evil Hackers" are internal users who feel the need to stress test the network by plugging every virus infected USB Flash drive that they find on the subway into they're work computer. User is expected by Administration to understand every nuance of systems ranging from software that has only been used once by "that one guy who went crazy and quit" to those of the 30 year old computer that has been setting at the back of a closet, getting dripped on by a leaker pipe running the most critical software applications on a windows ME home brew server that hasn't been updated since the day it was installed and has never even seen antivirus. Penetration Tester: Overworked, starving freelance hippie who thought he would be reliving the movie "Hackers" only legally. Individual is expected by cliental to be able to break into any system at any time, on command, without being given any prior information, using top secret super programs that even the FBI doesn't know exists, then be able to give a detailed step by step documentation of how it was performed using only one button so that the client can just do it themselves next time without having to hire you again. Individual will then be criticized for anything that breaks while he is performing the pen testings and be told " you should have known it would break it our super rare computer program that we didn't even tell you we had". Even if they are simply sending a ping request to server A and Server B's power supply fails, you will be blamed and expected to pay for the repairs to their $30,000 windows ME machine that was running their most critical software that was damaged so bad that they will now have to purchase a new server. Security Analysts dream of the freedom of Pen Testers Pen Testers dream of the stability of Security Analysts -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of haZard0us Sent: Wednesday, June 20, 2012 1:57 PM To: moranc () twp grand-blanc mi us Cc: security-basics () securityfocus com Subject: Re: Pentester vs IT security analyst Q: IT Sec Analyst vs PenTester? If I had to answer this without further research, it would be: A: Defensive Security vs. Offensive Security. --haZ On Jun 20, 2012, at 5:06 PM, moranc () twp grand-blanc mi us wrote:
What is the difference between an IT security analyst and a
penetration tester? Some say they are similar and some say Security analyst do similar things just more policy work. Thanks for your input guys.
---------------------------------------------------------------------- -- Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL
certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.
http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be4 42f727d1 ---------------------------------------------------------------------- --
------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442 f727d1 ------------------------------------------------------------------------ ----------------------------------------- IMPORTANT NOTICE - The information (both of the message and any attachments) contained in this message is intended only for the use of the individual or entity to which it is addressed and may contain information that is privileged, confidential and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient or an agent responsible for delivering it to an intended recipient, or has received this message in error, you are hereby notified that White County Medical Center does not consent to any reading, dissemination, distribution or copying of this message and any such actions are strictly prohibited. If you have received this message in error, please notify the sender immediately and destroy the transmitted information. ------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
Current thread:
- Pentester vs IT security analyst moranc (Jun 20)
- Re: Pentester vs IT security analyst haZard0us (Jun 20)
- RE: Pentester vs IT security analyst Bahrs, Art (Jun 20)
- RE: Pentester vs IT security analyst Brian Fritts (Jun 20)
- RE: Pentester vs IT security analyst Robert Davis (Jun 21)
- Re: Pentester vs IT security analyst gold flake (Jun 21)
- Re: Pentester vs IT security analyst haZard0us (Jun 20)