PaulDotCom mailing list archives
Re: Best ROI Combination - Metasploit & Training
From: Josh More <jmore () starmind org>
Date: Fri, 7 Dec 2012 22:30:07 -0600
When I went through that exercise, we also moved from Nexpose with Metasploit Pro down to just Nexpose and are now working with Nessus and a handful of other open source tools. I think the primary determining factor is whether you want your team's intelligence in the people or in the tools. Both are valid choices, of course, but if you've got the good people who are likely to stick around, it's going to be cheaper in the long run to boost them. For SANS courses, I think that any of them would be good, but you should pick the one that you are least comfortable attending. That will maximize your learning and minimize the amount of time you spend rehashing what you already know. The trick, I've found, is to keep the learning going after you take a class. if you do that, the specific class isn't going to matter as much as the fact that you have a continual improvement process focused on your people. -Josh More On Fri, Dec 7, 2012 at 3:39 PM, Arch Angel <arch3angel () gmail com> wrote:
Good Afternoon Everyone, Our company is reviewing vulnerability management suites and Metasploit for validation and penetation testing. Right now we are leaning towards Rapid7, but would like others opinions on Qualys, McAfee, nCircle, and Lumension. Rght now Rapid7 wants to sell us Nexpose with Metasploit Pro and training. I don't believe this will have the best ROI. I believe that we could purchase NexPose, use Metasploit Community, and go to SANs for the training. I believe this will be less expensive and be an overall better choice in the long haul. If SANS is choosen what courses would be the best over all for this project? My opinion are these courses, in order: SEC560: Network Penetration Testing and Ethical Hacking SEC617: Wireless Ethical Hacking, Penetration Testing, and Defenses SEC542: Web App Penetration Testing and Ethical Hacking What are your opinions? Thanks All! Robert (arch3angel) _______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
_______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
Current thread:
- Best ROI Combination - Metasploit & Training Arch Angel (Dec 07)
- Re: Best ROI Combination - Metasploit & Training Larry Pesce (Dec 07)
- Re: Best ROI Combination - Metasploit & Training Josh More (Dec 07)
- Re: Best ROI Combination - Metasploit & Training Michael Allen (Dec 08)
- Re: Best ROI Combination - Metasploit & Training Arch Angel (Dec 10)
- Re: Best ROI Combination - Metasploit & Training Albert R. Campa (Dec 11)
- Re: Best ROI Combination - Metasploit & Training Arch Angel (Dec 11)
- Re: Best ROI Combination - Metasploit & Training Josh More (Dec 11)
- Re: Best ROI Combination - Metasploit & Training Arch Angel (Dec 12)
- Re: Best ROI Combination - Metasploit & Training Todd Haverkos (Dec 13)
- Re: Best ROI Combination - Metasploit & Training Arch Angel (Dec 13)
- Re: Best ROI Combination - Metasploit & Training Ron Gula (Dec 14)
- Re: Best ROI Combination - Metasploit & Training Albert R. Campa (Dec 14)
- Re: Best ROI Combination - Metasploit & Training Arch Angel (Dec 10)