Penetration Testing mailing list archives

RE: My Frustrations Step Two


From: "Erin Carroll" <amoeba () amoebazone com>
Date: Thu, 18 Dec 2008 12:30:41 -0800

That's a difficult question with no clear-cut answers. I can say that my
approach to this is one of education to prospective clients. During the
initial scope or RFP process, I make it quite clear that, even if they
choose another vendor, there are questions they should ask to determine if
the service provider is qualified to meet their needs. There have been cases
where clients have needs which I don't feel comfortable in tackling (either
due to lack of experience, available resources, or because it is a realm we
don't specialize in) but I have served as a sounding board or referral source
to point them to a provider which can meet their requirements.

Either my company can do it (and do it right), or we will happily recommend
or refer them to someone who can. In the long run this has come back to
serve us quite well.



--
Erin Carroll
Moderator, SecurityFocus pen-test mailing list
"I cannot brain today, I have the dumb"

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On
Behalf Of Adriel T. Desautels
Sent: Thursday, December 18, 2008 4:28 AM
To: Jamie Riden
Cc: pen-test list
Subject: My Frustrations Step Two



So it appears to me that the solution to this problem is to provide  
the customer with ammunition so that they can quickly shoot down the  
fraudulent security experts and properly identify the real ones. There  
are different services, different classifications of service,  
different threat levels, etc. If our customers knew how to identify  
what they needed, they could use that to choose a good provider with  
much more success. But that's the real problem, isn't it? Our customers
aren't security experts and as a result they don't know what they  
need...

So, what questions can we arm our customers with so that they can weed  
out the Frauds?


Adriel T. Desautels
ad_lists () netragard com




------------------------------------------------------------------------
This list is sponsored by: Cenzic

Security Trends Report from Cenzic
Stay Ahead of the Hacker Curve!
Get the latest Q2 2008 Trends Report now

www.cenzic.com/landing/trends-report
------------------------------------------------------------------------

