Dailydave mailing list archives
Re[2]: Consulting companies are not recruiting companies
From: Halvar Flake <halvar () gmx de>
Date: Thu, 26 Feb 2004 23:35:25 +0100
Hey all,

DA> As far as most beginners feel, they are in fact, beamed in by aliens.
DA> We're not talking an advanced exploit development class taught by
DA> Horizon, Noir, and LSD (etc etc) here. We're just talking something
DA> that gets someone with very little programming experience into writing
DA> basic Windows stack overflows. It's that first one that's the hardest.
DA> To do this, you need a pure-python framework that lets students
DA> concentrate on one aspect of the job at a time. What doesn't scale are
DA> the instructors...

I am not sure if it makes much sense to get people that are not fluent in assembly (e.g. very little programming experience) to write exploits, specifically for anything that is closed-source. As soon as they run into their first "real" problem, they will be lost & confused; teaching them how to do a "by-the-book" exploit for a stack smash is IMO not all that much help. Teaching basics is oftentimes more helpful than teaching "advanced" moves without the basics.

Then again, I tend to be delusional and think the way I walked is the "right" way, which is oftentimes plain wrong -- no need to repeat the same mistakes over and over when one could learn from them. Ahwell.

Has anyone on this list heard of a conference called CCCT'04? Or of an organisation called IIIS?
http://www.iiisci.org/ccct2004/WebSite/Default.asp

I would be very grateful if someone on this list could clue me in on what they are and what they do -- I haven't heard of them before, and the CFP for their conference is quite unusual.

Cheers,
Halvar

DA> |
|>> So consulting companies eye the long-term, easy to sell,
|>> body-filler jobs with envy. They want to inject themselves into a
|>> big companies environment as a one-stop-shop for software
|>> security, even at the cost of having their best people be hired
|>> away from them.
DA> |
DA> |
DA> | You need to define your terms. If you mean the quasi-hacker
DA> | whore-houses, perhaps, yes, but there are other "consulting
DA> | companies" and "consultants" who don't work that way.
DA> |
DA> Right - I'm talking the information security space. I think that
DA> people once wanted to outsource all of IT security, and the trend is
DA> now the other way.

|>> My solution, for Immunity, is that I want Immunity to bring
|>> something other than a warm body who can do the job. I want
|>> Immunity consultants to have that wider view of the industry - to
|>> never need training because Immunity trains them internally, and
|>> to have experience that may not exactly be relevant today, but
|>> will become relevant as our clients change their business. This
|>> means having people billing only three weeks instead of four, but
|>> I think it makes more money in the long run.
|>>
|>> What do you guys think?
DA> |
DA> |
DA> |
DA> | (pissing away a week this month at RSA, on his own nickel, because
DA> | it's useful in developing a wider view of the industry.)

DA> Why isn't your (and everyone else's) company paying for this? I find
DA> the reluctance of companies to pay for conferences weird. It's not
DA> like they really cost that much. They'll happily buy software that's
DA> 50K per seat, but then not spend 5K to train their person on why they
DA> bought it in the first place. I keep seeing people going to BlackHat
DA> on their own dollar - it's odd.
DA> -dave

DA> _______________________________________________
DA> Dailydave mailing list
DA> Dailydave () lists immunitysec com
DA> http://www.immunitysec.com/mailman/listinfo/dailydave

--
With kind regards,
Halvar Flake
mailto:halvar () gmx de