PaulDotCom mailing list archives

Re: Best ROI Combination - Metasploit & Training


From: Josh More <jmore () starmind org>
Date: Fri, 7 Dec 2012 22:30:07 -0600

When I went through that exercise, we also moved from Nexpose with
Metasploit Pro down to just Nexpose and are now working with Nessus and a
handful of other open source tools.  I think the primary determining factor
is whether you want your team's intelligence in the people or in the
tools.  Both are valid choices, of course, but if you've got the good
people who are likely to stick around, it's going to be cheaper in the long
run to boost them.

For SANS courses, I think that any of them would be good, but you should
pick the one that you are least comfortable attending. That will maximize
your learning and minimize the amount of time you spend rehashing what you
already know.  The trick, I've found, is to keep the learning going after
you take a class.  If you do that, the specific class isn't going to matter
as much as the fact that you have a continual improvement process focused
on your people.

-Josh More



On Fri, Dec 7, 2012 at 3:39 PM, Arch Angel <arch3angel () gmail com> wrote:

Good Afternoon Everyone,

Our company is reviewing vulnerability management suites and Metasploit
for validation and penetration testing.  Right now we are leaning towards
Rapid7, but would like others' opinions on Qualys, McAfee, nCircle, and
Lumension.  Right now Rapid7 wants to sell us Nexpose with Metasploit Pro
and training.  I don't believe this will have the best ROI.  I believe that
we could purchase Nexpose, use Metasploit Community, and go to SANS for the
training.  I believe this will be less expensive and be an overall better
choice in the long haul.

If SANS is chosen, what courses would be the best overall for this
project?

My opinion is these courses, in order:

     SEC560: Network Penetration Testing and Ethical Hacking
     SEC617: Wireless Ethical Hacking, Penetration Testing, and Defenses
     SEC542: Web App Penetration Testing and Ethical Hacking

What are your opinions?

Thanks All!

Robert
(arch3angel)

_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
