Penetration Testing mailing list archives

Re: My Frustrations Step Two

From: Matt <matt () mrssecurity com>
Date: Thu, 18 Dec 2008 21:02:22 +0000

Adriel T. Desautels wrote:

So it appears to me that the solution to this problem is to providethe customer with ammunition so that they can quickly shoot down thefraudulent security experts and properly identify the real ones. Thereare different services, different classifications of service,different threat levels, etc. If our customers knew how to identifywhat they needed, they could use that to choose a good provider withmuch more success. But thats the real problem isn't it? Our customersaren't security experts and as a result they don't know what they need...
So, what questions can we arm our customers with so that they can weedout the Frauds?
Adriel T. Desautels
ad_lists () netragard com

Having managed to advoid the 24 TV show for a number of years i havebeen forced to start watching it as i was bored. So far, 8 episodes in iam rather enjoying it.


However, this thread caught my eye while googling Kim Bauer.

There are a number of courses and exams out there that attempt to guagea persons penetration testing skills for example in the UK the CHECK,TIGER and CREST schemes. No easy feat in themselves to pass.

We have attempted in the UK to educate customers that using pencompanies with links into these exams and having employees that havepassed these schemes is a good thing rather than the one man show.

I think educating a customer to look at previous work that you havedone, and customer references is the way to go.


Customers tend to go with other customer recommendations.

At the end of the day everyone on here is effectively competing againsteach other for work and i am afraid in this day and age its starting tocome down to price and the promise that it will be delivered.

BUT... its nice to see some of the big names are popping up in thislist/thread.


I'm going back to 24 now..





------------------------------------------------------------------------
This list is sponsored by: Cenzic

Security Trends Report from Cenzic
Stay Ahead of the Hacker Curve!
Get the latest Q2 2008 Trends Report now

www.cenzic.com/landing/trends-report
------------------------------------------------------------------------

Current thread:

My Frustrations Adriel T. Desautels (Dec 18)
- Re: My Frustrations Jamie Riden (Dec 18)
  - My Frustrations Step Two Adriel T. Desautels (Dec 18)
    - RE: My Frustrations Step Two Erin Carroll (Dec 18)
    - Re: My Frustrations Step Two Leonardo Cavallari Militelli (Dec 18)
    - Re: My Frustrations Step Two Alex Moen (Dec 18)
    - Re: My Frustrations Step Two Matt (Dec 18)
    - Re: My Frustrations Step Two Paul Melson (Dec 19)
    - Re: My Frustrations Step Two Adriel T. Desautels (Dec 19)
  - Re: My Frustrations security curmudgeon (Dec 18)
  - Re: My Frustrations M.B.Jr. (Dec 18)
- Re: My Frustrations Alex Moen (Dec 18)
  - Re: My Frustrations Adriel T. Desautels (Dec 18)
  - Re: My Frustrations M.B.Jr. (Dec 19)
    - RE: My Frustrations Baykal, Adnan (CSCIC) (Dec 19)
    - RE: My Frustrations Erin Carroll (Dec 19)
- Re: My Frustrations H D Moore (Dec 18)

(Thread continues...)