Penetration Testing mailing list archives
Re: Penetration tester or Ethical hacker future?
From: James Kelly <macubergeek () comcast net>
Date: Mon, 3 Sep 2007 09:12:27 -0400
Fortunately or unfortunately, pen testing seems to be the ONLY external security validation many organizations have. You can't trust that to the IT staff (sys admins) who have a vested interest in the status quo. Many firms may have a CISO, but that person is largely a security policy person, not a technical security person (in most cases). Additionally, you have to separate out legal compliance issues from pure security issues.
When you consider all the above, the pen tester acts in a quasi-auditing role in many instances. Given that, pen testing can be valuable within the limits of the budget.
Jk

On Aug 31, 2007, at 10:29 AM, Paul Melson wrote:

> Nikos Tsagarakis wrote:
> > I do not believe that penetration testing is a waste of money.
>
> Of course you don't, you're a pen tester! And lots of customers don't believe it's a waste of money, either. But for those that have invested in pen-testing, they do it with the expectation that you'll find and report the holes to them before the bad guys do. And when a company spends on pen-testing and gets hacked anyway, it's pretty hard to convince them of the value of those pen tests.
>
> PaulM