Penetration Testing mailing list archives

Re: Ethical Hacking Training


From: Kevin Johnson <kjohnson () secureideas net>
Date: Mon, 19 Jan 2004 20:01:12 -0500

On Mon, 2004-01-19 at 13:05, Don Parker wrote:
I fully agree that to defend one *must* know how to attack. I too often hear some
of my peers say how such and such attack is very script kiddie-ish. My usual retort to
that is "do you know how to do it?". Most network security people I know have no concept
of how to use an exploit and invoke it, let alone code one. Sending someone on
an "Ethical Hacking" course can fill most of these gaps in. As I have already stated,
though, the student must come to one of these courses with a certain amount of knowledge
beforehand or the money is wasted. Prerequisites for such courses must be clearly laid
out in the course marketing imho.

Cheers

-------------------------------------------
Don Parker, GCIA

Hi-

I think one of the things to remember is what the term means, not
necessarily how people use it.  When I tell someone that I am
considered an ethical hacker, I am saying that I test the security
posture of a company.  This may include actually "hacking" into their
systems or just assessing their policies.  But no matter what is
included, I also include a remediation report.  This ensures that not
only are they told what the problems are, they are also told how to fix
it.  I understand the need for Ethical Hacker training.  If I didn't
know how to get in, how could I honestly tell them how to keep me out?  

Kevin Johnson


