PaulDotCom mailing list archives

Re: Yet another request for career advice.

From: Brian Erdelyi <brian_erdelyi () yahoo com>
Date: Wed, 12 Sep 2012 18:12:31 -0300

I love your enthusiasm.

Before you start scanning systems on the network for vulnerabilities please discuss with management and get their 
approval.  Nothing worse then bringing down a network or critical system (I think many of us have in the beginning of 
our careers).  Do not scan aggressively and let others know the times you are doing the scans.  Do it one network at a 
time rather than all at once.

Be careful of  how you present the findings.  Try not to use scare tactics.  Everything's needs to be put in 
perspective of the value of the information or criticality of the system.

Be sure to suggest a remediation plan as well.  Id you say there are X high, medium and low risk findings be sure to 
explain what those categories mean.

B

Sent from my iPhone

On Sep 12, 2012, at 2:41 PM, A D <hackermuscle () gmail com> wrote:

Hi all.

I recently started working for a new company (beginning of the year)
as part of the networked systems team. We currently manage 300 or so
systems provisioned at a handful of datacenters around the world. 97%
of the systems or running Linux. We have no official security team.
Just good common sense and a need to steer clear of becoming
compromised. My last few jobs I have always been the security
administrator (perimeter security services) so I have some experience
and built in paranoia about what goes on behind the scenes. This
appears to me to be a perfect opportunity to really jump into a
security role by taking the lead in providing vulnerability scans and
penetration testing for the company. I have had exposure to the
typical scanning tools pre-installed with the Backtrack distro and
some others. Although, my Metaspoit skills suck at the moment.

With the hope of providing some quick results and to get my employer
interested in my abilities I am going to jump right in and start doing
whitebox testing using NMAP and Nessus.

What suggestions do you guys have to allow me to step up to the
challenge? This is what want to do in the next phase of my career.

Thanks in adv.

HM
_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com

_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com

Current thread:

Yet another request for career advice. A D (Sep 12)
- Re: Yet another request for career advice. Josh More (Sep 12)
  - Re: Yet another request for career advice. Michael Dickey (Sep 12)
- Re: Yet another request for career advice. Brian Erdelyi (Sep 12)
- Re: Yet another request for career advice. gold flake (Sep 18)