Penetration Testing mailing list archives
Re: My Frustrations
From: Sat Jagat Singh <flyingdervish () yahoo com>
Date: Thu, 18 Dec 2008 15:54:27 -0800 (PST)
Having read your blog post, I would say that I share some of these frustrations. But many organizations are really only trying to cover their asses and put a check in the box to say that, yes we got an assessment done to satisfy the letter of the regulations. These are companies that are more concerned about the cost of the project than the actual security. While such people tend to get what they deserve, it does create a negative reputation for the profession as a whole. Yes, I do think it is a "profession", but we have not "professionalized" ourselves by requiring licensing. The industry reliance on certification rather than licensing as a credential somewhat serves to muddy the waters because the decision makers hiring security consultants don't really know what a given certification covers. We could debate the value of different certifications until the cows come home but I don't want to insult anyone and we can probably agree that too many of them do not guarantee that the holder has real qualifications and the security unsavy will never really know how to evaluate that. More and more I lean toward some form of professional licensure. One of the states will have to move in this direction before a serious debate about it will be opened. Until then, caveat emptor. --- On Wed, 12/17/08, Adriel T. Desautels <ad_lists () netragard com> wrote:
From: Adriel T. Desautels <ad_lists () netragard com> Subject: My Frustrations To: "pen-test list" <pen-test () securityfocus com> Date: Wednesday, December 17, 2008, 11:19 AM I recently wrote this blog entry and wanted to get some comments from readers of this list. I'm frustrated with the caliber of the people that are offering security services and posing as experts, thats the subject of the post. Please comment, insult, whatever... I'm interested. http://snosoft.blogspot.com/ Adriel T. Desautels ad_lists () netragard com ------------------------------------------------------------------------ This list is sponsored by: Cenzic Security Trends Report from Cenzic Stay Ahead of the Hacker Curve! Get the latest Q2 2008 Trends Report now www.cenzic.com/landing/trends-report ------------------------------------------------------------------------
------------------------------------------------------------------------ This list is sponsored by: Cenzic Security Trends Report from Cenzic Stay Ahead of the Hacker Curve! Get the latest Q2 2008 Trends Report now www.cenzic.com/landing/trends-report ------------------------------------------------------------------------
Current thread:
- RE: My Frustrations, (continued)
- RE: My Frustrations THOMAS, DEDRIC (ATTCLSMA) (Dec 18)
- Re: My Frustrations security curmudgeon (Dec 18)
- Re: My Frustrations Adriel T. Desautels (Dec 18)
- RE: My Frustrations suess13 (Dec 19)
- Re: My Frustrations Adriel T. Desautels (Dec 19)
- RE: My Frustrations Alex Eden (Dec 19)
- RE: My Frustrations Nick Vaernhoej (Dec 19)
- Re: My Frustrations Adriel T. Desautels (Dec 18)
- Re: My Frustrations Pete Herzog (Dec 20)
- Message not available
- Re: My Frustrations Pete Herzog (Dec 21)
- RE: My Frustrations Shenk, Jerry A (Dec 18)
- Re: My Frustrations tony_l_turner (Dec 18)
- Re: My Frustrations Adriel T. Desautels (Dec 19)
- Re: My Frustrations Roman Medina-Heigl Hernandez (Dec 23)
- Re: My Frustrations Adriel T. Desautels (Dec 23)
- Re: My Frustrations Roman Medina-Heigl Hernandez (Dec 23)
- Re: My Frustrations Adriel T. Desautels (Dec 19)