Penetration Testing mailing list archives
RE: My Frustrations Step Two
From: "Erin Carroll" <amoeba () amoebazone com>
Date: Thu, 18 Dec 2008 12:30:41 -0800
That's a difficult question with no clear-cut answers. I can say that my approach to this is one of education to prospective clients. During the initial scope or RFP process, I make it quite clear that, even if they choose another vendor, there are questions they should ask to determine if the service provider is qualified to meet their needs. There have been cases where clients have needs which I don't feel comfortable in tackling (either due to lack of experience, available resources, or is a realm we don't specialize in) but have served as a sounding board or referral source to point them to a provider which can meet their requirements. Either my company can do it (and do it right), or we will happily recommend or refer them to someone who can. In the long run this has come back to serve us quite well. -- Erin Carroll Moderator, SecurityFocus pen-test mailing list "I cannot brain today, I have the dumb" -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Adriel T. Desautels Sent: Thursday, December 18, 2008 4:28 AM To: Jamie Riden Cc: pen-test list Subject: My Frustrations Step Two
So it appears to me that the solution to this problem is to provide the customer with ammunition so that they can quickly shoot down the fraudulent security experts and properly identify the real ones. There are different services, different classifications of service, different threat levels, etc. If our customers knew how to identify what they needed, they could use that to choose a good provider with much more success. But thats the real problem isn't it? Our customers aren't security experts and as a result they don't know what they need... So, what questions can we arm our customers with so that they can weed out the Frauds? Adriel T. Desautels ad_lists () netragard com ------------------------------------------------------------------------ This list is sponsored by: Cenzic Security Trends Report from Cenzic Stay Ahead of the Hacker Curve! Get the latest Q2 2008 Trends Report now www.cenzic.com/landing/trends-report ------------------------------------------------------------------------ ------------------------------------------------------------------------ This list is sponsored by: Cenzic Security Trends Report from Cenzic Stay Ahead of the Hacker Curve! Get the latest Q2 2008 Trends Report now www.cenzic.com/landing/trends-report ------------------------------------------------------------------------
Current thread:
- My Frustrations Adriel T. Desautels (Dec 18)
- Re: My Frustrations Jamie Riden (Dec 18)
- My Frustrations Step Two Adriel T. Desautels (Dec 18)
- RE: My Frustrations Step Two Erin Carroll (Dec 18)
- Re: My Frustrations Step Two Leonardo Cavallari Militelli (Dec 18)
- Re: My Frustrations Step Two Alex Moen (Dec 18)
- Re: My Frustrations Step Two Matt (Dec 18)
- Re: My Frustrations Step Two Paul Melson (Dec 19)
- Re: My Frustrations Step Two Adriel T. Desautels (Dec 19)
- My Frustrations Step Two Adriel T. Desautels (Dec 18)
- Re: My Frustrations Jamie Riden (Dec 18)
- Re: My Frustrations security curmudgeon (Dec 18)
- Re: My Frustrations M.B.Jr. (Dec 18)
- Re: My Frustrations Adriel T. Desautels (Dec 18)
- Re: My Frustrations M.B.Jr. (Dec 19)