AW: Why Penetration Test?

[Jörg Maaß <joerg.maass () gmx de>]

Dear Intel,
The things you state motivated me to move into organizational and process
consulting. Basically, "every morning, another fool rises" (German proverb).
Human failure is a part of every organization, and hardly anybody can claim
to be perfect.
If you discover organizational and procedural flaws in your customer's
organization, you should be able to describe them matter-of-factly in your
report and make suggestions on how to get rid of them and improve the
effectiveness of the organization. Don't evangelize. Give them the facts,
give them your recommendations and let them decide.
If they refuse to follow your recommendation or discard it, so be it. You
can't save the world. Chances are, you'll be back sometime soon and maybe
then they will be ready to listen.
And if they need more budget, super! Tell them that they'll need budget to
improve their processes, and you're the one to show them how!
Just my 2 cents.

Kind regards


Jörg Maaß

-----Ursprüngliche Nachricht-----
Von: intel96 [mailto:intel96 () bellsouth net] 
Gesendet: Mittwoch, 15. Juni 2005 03:12
An: pen-test () securityfocus com
Cc: lists () isecom org
Betreff: Re: Why Penetration Test?

<snip>  These things require leadership to fix not more 
funding!!!!!!!!! How do you state that in a report?

So IMHO every project is different based on the customer's needs (more 
funding and more head count).  The other issue is how to set the clowns 
apart from the professionals, which is becoming harder to do because 
there are more clowns and not enough professional and the clowns are 
hurting the rest of us....
<snip>