RE: Newbie Hacker Tools

["Brunner, Mark" <MBrunner () tor fasken com>]

Edmond,

It does appear that an ethical hackers' course may put you in over your head.  This is based solely on the simplest of 
observations that one can make from an email thread such as this, and could be totally incorrect.  We are talking about 
a $2500 US expenditure if memory serves, plus flight and accommodations if you are heading to Florida to study.

If this is a business venture, you would be better served laying out a business plan to attack this strategically.  
Define your needs, your clients' expectations, the liabilities that you may be incurring, and the services in detail 
that you would anticipate providing.  Now match these items up with what you are capable of and can afford to provide.  
If you lack the skills or tools to perform some function, call in a contract consultant (not a "hacker") to fill the 
void.  Most of these guys are willing to work with you to develop you or your staff, as long as you are up front and 
negotiate it, and don't try to just leech the knowledge that they have spent countless hours over periods of several 
years to acquire.

You will have to invest in your business in order to reap the rewards.

Mark Brunner
Security Manager
Fasken Martineau DuMoulin LLP
Barristers & Solicitors
Patent & Trade Mark Agents
Toronto, Ontario
http://www.fasken.com


This communication is solicitor/client privileged and contains confidential information intended only for the person(s) 
to whom it is addressed. Any unauthorized disclosure, copying, other distribution of this communication or taking any 
action on its contents is strictly prohibited. If you have received this message in error, please notify us immediately 
and delete this message without reading, copying or forwarding it to anyone.



-----Original Message-----
From: Edmond Chow [mailto:echow () videotron ca]
Sent: Friday, January 07, 2005 11:39 AM
To: security-basics () lists securityfocus com; Leif Ericksen
Cc: echow () videotron ca
Subject: RE: Newbie Hacker Tools



Leif and all others who responded to me:

I'm overwhelmed with your willingness to help a newbie like me!  Thanks for
all your helpful suggestions and I will ask more questions after I've had a
chance to go through all of your emails.

Many of you have suggested a formal ethical hacking course for me.
Suggestions have included SANS, CompTIA, InfoSec Institute, etc.  Have any
of you taken courses with any of these companies and could you share your
feedback with me.  In particular, the InfoSec Institute has an Ethical
Hacking course that is being taught by Jack Koziol.  I've read that he's
pretty highly regarded in the industry.  SANS is offering a training seminar
in Orlando in February where I could take an ethical hacking course as well.

One thing that's holding me back from taking a course at this point is the
fact that the material may well be way over my head and I might not enjoy
the full value of the course.  Any opinions?  For sure, I would think that
taking a course right now could very well bring me from 1 to a 7 (on a scale
of 10) in a few weeks versus me spending the next few months getting to that
point.

There's also the point about certifications.  InfoSec offers the CEH
certification whereas others such as SANS offers GSEC and others.  Is there
a preferred/recommended certification for ethical hackers?

Again, thanks and I very much value your advice.  And for those who feel
offended by my lack of knowledge on the subject, please let me apologize in
advance.

Regards,


Edmond