Penetration Testing mailing list archives
Re: My Frustrations
From: security curmudgeon <jericho () attrition org>
Date: Thu, 18 Dec 2008 15:35:07 +0000 (UTC)
: I recently wrote this blog entry and wanted to get some comments from
: readers of this list. I'm frustrated with the caliber of the people that
: are offering security services and posing as experts, that's the subject
: of the post. Please comment, insult, whatever... I'm interested.
:
: http://snosoft.blogspot.com/

You are preaching to a (very small) choir here. The kind of choir where everyone thinks they are a part of.

First, this problem isn't new [1]. The industry has had its fair share of charlatans and frauds over the years. In the last five years, the number of posts to this list and others is bordering on absurd, that start out with "i've been [hired|told|contracted] to do a pen test of our [network|application|physical] security, where do i begin?" Many of the posts are done from gmail accounts that have no obvious association with a name or company, for obvious reasons.

Second, the number of times you see these questions come from 'certified' professionals is silly. I frequently get forwards from lists full of CISSPs that post this kind of question, begging the world to wonder why anyone thinks that certification holds water. If not certified, from people with 'security' and/or 'engineer' in their official title. Some posts suggest a company decided to tell a junior analyst to do a full blown pen-test, likely to save a few bucks. Others, the wannabe-pentester is definitely over eager and grossly exaggerating their claims of being qualified.

Last, it's only going to get worse.

- jericho

[1] http://attrition.org/errata/