Re: IT security professionals in demand in 2006

["wilder_jeff Wilder" <wilder_jeff () msn com>]

I'll second that



-Jeff Wilder
CISSP,CCE,C/EH



-----BEGIN GEEK CODE BLOCK-----
 Version: 3.1
        GIT/CM/CS/O d- s:+ a C+++ UH++ P L++ E- w-- N+++ o-- K- w O- M--
        V-- PS+ PE- Y++ PGP++ t+ 5- X-- R* tv b++ DI++ D++
        G e* h--- r- y+++*
------END GEEK CODE BLOCK------





> From: InfoSecBOFH <infosecbofh () gmail com>
> To: sk <sk () groundzero-security com>
> CC: full-disclosure () lists grok org uk
> Subject: Re: [Full-disclosure] IT security professionals in demand in 2006
> Date: Tue, 6 Dec 2005 09:23:24 -0800
> MIME-Version: 1.0
> Received: from lists.grok.org.uk ([195.184.125.51]) by mc9-f12.hotmail.com 
> with Microsoft SMTPSVC(6.0.3790.211); Tue, 6 Dec 2005 09:24:06 -0800
> Received: from lists.grok.org.uk (localhost [127.0.0.1])by 
> lists.grok.org.uk (Postfix) with ESMTP id 02441407;Tue,  6 Dec 2005 
> 17:23:38 +0000 (GMT)
> Received: from xproxy.gmail.com (xproxy.gmail.com [66.249.82.204])by 
> lists.grok.org.uk (Postfix) with ESMTP id 83B87266for 
> <full-disclosure () lists grok org uk>;Tue,  6 Dec 2005 17:23:27 +0000 (GMT)
> Received: by xproxy.gmail.com with SMTP id s9so67779wxcfor 
> <full-disclosure () lists grok org uk>;Tue, 06 Dec 2005 09:23:24 -0800 (PST)
> Received: by 10.70.65.17 with SMTP id n17mr926990wxa;Tue, 06 Dec 2005 
> 09:23:24 -0800 (PST)
> Received: by 10.70.60.14 with HTTP; Tue, 6 Dec 2005 09:23:24 -0800 (PST)
> X-Message-Info: JGTYoYF78jE2PiQ7BFXEAtaW1Env+daBcE9TFCc5BhI=
> X-Original-To: full-disclosure () lists grok org uk
> Delivered-To: full-disclosure () lists grok org uk
> DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; 
> d=gmail.com;h=received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references;b=Ff3SbACkUKYxR6NBrF3JkVCmfhcP46CeHTYG3k5JzfxGGB4Y1z5mPYNyMKY02BDnrK2pQHsURU7tHv+jVNuuc9dFfD1GaMWRu9q1lc6NbuVrZLvbwf3FNX+s2tFkHTXZeooy/BF4EKg9v7Jgd3V1JUaEHvmP5YxCEdfFxHzO4Mk=
> References: 
> <6450e99d0512041801p4adf24bclb8deaeefd203fa9a () mail gmail com><00bc01c5f945$fc232af0$0100a8c0@nuclearwinter>
> X-BeenThere: full-disclosure () lists grok org uk
> X-Mailman-Version: 2.1.5
> Precedence: list
> List-Id: An unmoderated mailing list for the discussion of security 
> issues<full-disclosure.lists.grok.org.uk>
> List-Unsubscribe: 
> <https://lists.grok.org.uk/mailman/listinfo/full-disclosure>, 
> <mailto:full-disclosure-request () lists grok org uk?subject=unsubscribe>
> List-Archive: <http://lists.grok.org.uk/pipermail/full-disclosure>
> List-Post: <mailto:full-disclosure () lists grok org uk>
> List-Help: <mailto:full-disclosure-request () lists grok org uk?subject=help>
> List-Subscribe: 
> <https://lists.grok.org.uk/mailman/listinfo/full-disclosure>, 
> <mailto:full-disclosure-request () lists grok org uk?subject=subscribe>
> Errors-To: full-disclosure-bounces () lists grok org uk
> Return-Path: full-disclosure-bounces () lists grok org uk
> X-OriginalArrivalTime: 06 Dec 2005 17:24:08.0317 (UTC) 
> FILETIME=[DD7A4AD0:01C5FA89]
>
> You are confusing terms here I think.  VUlnerability Assessment = scanner 
> tools
>
> Pen-Test = actual skill.  At least thats how those consultants with a
> clue should be selling it.  A Vuln Assessment has value, but can be
> done by anyone.  A Pen-Test, takes a lot more time, the value is
> aguable, and only the skilled can actually do them.
>
> On 12/4/05, sk <sk () groundzero-security com> wrote:
> > CISSP is bullshit. as eeye said 99% of the security consultants do their
> > pen-tests with automated tools which is pathetic in my opinion.
> > if you cant write exploits, you are no professional, more like a steam
> > blower. how can someone be professional when he doesnt
> > even understand how an exploit works in deep? what if there are custom
> > scripts or exotic daemons installed? without beeing able to audit
> > code and understand how certain bugs are beeing exploited, how can 
> someone
> > think he got enough clue to do a professional security audit?
> > its just a rip off of the customers as simple as that. or would you pay
> > someone to run an automated tool against your host, sit back and wait
> > till a nice pdf statistic is generated so he got something to present to
> > you? of course you wouldnt. in the 90s the people still had to learn on
> > their own and all the mainstream hackers who speak at your conventions 
> didnt
> > learn their knowledge from stupid class rooms.
> > everyone who thinks hes a security professional or even a hacker after 
> he
> > made some certs, is just living in a dream world.
> > then again the media plays well with the steam blowers so they can make 
> a
> > nice living..
> > sorry i just had to say that since its going on my nerves how all these
> > people suddenly think their stupid certs make em special, but then if
> > it comes to knowledge everyone is cluless...
> >
> > -sk
> > ----- Original Message -----
> > From: "Ivan ." <ivanhec () gmail com>
> > To: <full-disclosure () lists grok org uk>
> > Sent: Monday, December 05, 2005 3:01 AM
> > Subject: [Full-disclosure] IT security professionals in demand in 2006
> >
> >
> > > http://www.computerworld.com.au/index.php/id;923889191;fp;16;fpid;0
> > > _______________________________________________
> > > Full-Disclosure - We believe in it.
> > > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > > Hosted and sponsored by Secunia - http://secunia.com/
> > >
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
> >
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/