Penetration Testing mailing list archives
Re: Ethical Hacking Training
From: "Chris Kirschke" <durnie () hushmail com>
Date: Tue, 20 Jan 2004 13:05:24 -0800
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Tim, I disagree strongly with your statement "So why employ a security officer who has no idea how to hack." I would not hire a technical staff level person that doesn't know the ins & outs of "hacking" per se, I would however hire a "security officer" that doesn't. An officer level position isn't someone that sits and hacks, but spends the majority of their time developing policy, strategy, budgets, project plans, managing staff, etc... I cna tell you from experience that most "security officers" in the Financial Services aren't spending their spare time "hacking" but enjoying the time they get :-) Or maybe we have different definitions of "officer: :-) durnie On Mon, 19 Jan 2004 14:10:27 -0800 Tim Gurney <tim () offswn net> wrote:
Mostly i lurk on thsi list, this this is a topic i feel strongly about. Let me give you an example, would you employ someone to write code for a real time fly by wire system who had no experience of doing it ? NO! So why employ a security officer who has no idea how to hack. If you dont know how to do it, you wont know how others do it and you wont know how to stop it. you need to have "played the game" to know where to look, and how to read between the lines and have contacts in the underground groups. Yes i am speaking from experience, i am a free lanse security consultant,
and i have played the other side of the fence while at uni, and i dont trust any security specialist who hasnt done the same. just my 2p ---------------------------------------------------------------- ----------- ---------------------------------------------------------------- ------------
-----BEGIN PGP SIGNATURE----- Note: This signature can be verified at https://www.hushtools.com/verify Version: Hush 2.3 wkYEARECAAYFAkANmLIACgkQ3UH5NRolsbajFwCePtpMI3o3x2YEwywwSCGlbapzlLIA nicbUOAY8r9JaBjV8rl9z8hUo89Y =DGkF -----END PGP SIGNATURE----- --------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- Re: Ethical Hacking Training, (continued)
- Re: Ethical Hacking Training Stormwalker (Jan 20)
- RE: Ethical Hacking Training Kurt (Jan 20)
- Re: Ethical Hacking Training Don Parker (Jan 19)
- Re: Ethical Hacking Training Kevin Johnson (Jan 20)
- RE: Ethical Hacking Training Don Parker (Jan 19)
- RE: Ethical Hacking Training S. Thomas (Jan 20)
- RE: Ethical Hacking Training DeGennaro, Gregory (Jan 20)
- Re: Ethical Hacking Training Hamish webhosting.net.nz (Jan 20)
- Ethical Hacking Training Daryl Davis (Jan 20)
- Re: Ethical Hacking Training Jeff Shawgo (Jan 20)
- Re: Ethical Hacking Training Chris Kirschke (Jan 20)
- RE: Ethical Hacking Training Kohlenberg, Toby (Jan 20)
- RE: Ethical Hacking Training Don Parker (Jan 20)