Penetration Testing mailing list archives
RE: Ethical Hacking Training
From: "Don Parker" <dparker () rigelksecurity com>
Date: Tue, 20 Jan 2004 18:26:30 -0500 (EST)
That is very much flawed reasoning Rob. It is fine to understand things at a theoretical level. You do however also need to be able to implement things at a technical level as well. Take for example using an application layer f/w to help prevent the normal rash of exploit code sent against applications. Some will still get through depending on the programmer's skill level. You will still need to recognize an egg when you see it on the wire though. This is what I mean by understanding not only the theoretical if you like, but also more importantly the technical as well.

Not to open up another huge can of worms here but I liken your argument to "a CISSP will be able to do a fine job as a security officer". I would obviously disagree. You want someone with technical skills, and not the management type mindset and skill level. Each has their value. What is needed though is a blend of both.

Cheers

-------------------------------------------
Don Parker, GCIA
Intrusion Detection Specialist
Rigel Kent Security & Advisory Services Inc
www.rigelksecurity.com
ph :613.249.8340
fax:613.249.8319
--------------------------------------------

On Jan 20, "Rob Shein" <shoten () starpower net> wrote:

As much as I think that it's valuable for security personnel to know how their attackers think and operate, I think this particular analogy is flawed. Hacking is not part of the job, necessarily, any more than flying is part of the programmer's job in this example. I have known many excellent security officers who couldn't run an exploit (and never had), but who really knew their stuff and put it to use in real-world environments. It is possible to know how to defend a network without knowing the details of how to break into it; you're defending against concepts, not keystrokes.

<snip for b/w>