Penetration Testing mailing list archives
RE: knowing their job (was: Re: Ethical Hacking Training
From: "Teicher, Mark (Mark)" <teicher () avaya com>
Date: Tue, 20 Jan 2004 11:08:26 -0700
Eric,

I disagree, although you do have some valid points. To be successful, one needs to have hands-on knowledge of various operating system administration, configuration, security. The other aspect, one needs to have a good development background to understand whether published exploits actually are valid and are then applicable to the systems one maintains.

/mark

-----Original Message-----
From: Eric McCarty [mailto:eric () lawmpd com]
Sent: Tuesday, January 20, 2004 10:45 AM
To: Teicher, Mark (Mark); Meritt James; DeGennaro Gregory
Cc: Rob Shein; Andy Cuff [Talisker]; pen-test () securityfocus com
Subject: RE: knowing their job (was: Re: Ethical Hacking Training

While everyone was busy conjuring up google searches for relevant analogies I have thought about this issue and offer this advice.

1). To be successful at information security, you need to know how to hack. You can't just run Windows Update and pretend that's all there is to it. This means reading books, reviewing POC Code, keeping up on the latest vuln's and exploits and recommended hardening procedures.

2). You will not learn how to hack in a week. I'm willing to bet a lot of the people in the infosec field today spent hours of our youth mass-mailing copies of Warcraft 2 using Fate or Ice on Aol 2.5 while phishing using Mass-IM'ers.

3). There is no reason for you not to know how to hack as well as secure, how to exploit as well as patch. What possible reason could there be for ignorance?

Eric McCarty
Sys Admin InfoSec Officer

-----Original Message-----
From: Teicher, Mark (Mark) [mailto:teicher () avaya com]
Sent: Tuesday, January 20, 2004 9:01 AM
To: Meritt James; DeGennaro Gregory
Cc: Rob Shein; Andy Cuff [Talisker]; pen-test () securityfocus com
Subject: RE: knowing their job (was: Re: Ethical Hacking Training

James,

According to Sun Tzu author of "Art Of War" Attack by Stratagem in regards to "Ethical Hacking" Training

"The general, unable to control his irritation, will launch his men to the assault like swarming ants, with the result that one-third of his men are slain, while the town still remains untaken. Such are the disastrous effects of a siege"

-----Original Message-----
From: Meritt James [mailto:meritt_james () bah com]
Sent: Tuesday, January 20, 2004 9:50 AM
To: DeGennaro Gregory
Cc: Teicher, Mark (Mark); Rob Shein; Andy Cuff [Talisker]; pen-test () securityfocus com
Subject: knowing their job (was: Re: Ethical Hacking Training

In which event, they DON'T know their job, if their job is information systems security.

Jim

"DeGennaro, Gregory" wrote:

"Know your enemy" is nice, "know your job" is, in my opinion, better." There are a lot of professionals that know their job well and know nothing of Infosec.

--
James W. Meritt CISSP, CISA
Booz | Allen | Hamilton
phone: (410) 684-6566