Penetration Testing mailing list archives
Re: Ethical Hacking Training
From: "Don Parker" <dparker () rigelksecurity com>
Date: Fri, 16 Jan 2004 18:56:40 -0500 (EST)
Evening gentlemen/ladies, this is one sore spot for me. These "Ethical Hacking" courses and others along this vein. These vendors need to be far more clear, as to exactly what a student will come away with, and what they should have knowledge-wise prior to attending. I recently sent some feedback to Information Security Magazine in regards to their Technical Editor's take on one such course, (and the technical errors in his column).

The problem is that the security industry as a whole is becoming one big money machine. These courses are giving people unrealistic expectations of what they will know after one of these 1 week courses. Nothing wrong with trying to make a dollar, but one should be honest as well in the process. It is doing a great disservice to the industry as a whole to make people think that they will be a "hacker" after a 1 week course.

It should be clearly stated that these courses are but an introduction into the world of the true hacker. It will be up to the student to make of it what they will, and then build upon it. Showing people what "Ethical Hacking" is all about is a laudable goal. The thing is we must not forget our own ethics along the way to doing so in pursuit of the almighty dollar. Sorry for the rant folks, but this hits a sore spot for me.

Cheers

-------------------------------------------
Don Parker, GCIA
Intrusion Detection Specialist
Rigel Kent Security & Advisory Services Inc
www.rigelksecurity.com
ph :613.249.8340
fax:613.249.8319
--------------------------------------------

On Jan 16, "Andy Cuff [Talisker]" <lists () securitywizardry com> wrote:

Hi Rob,

I've seen something related this week, where a different up and coming training company were insisting that their training must be good because Intelligence Organisation X and Military Unit Y had used them in the past. When in reality the attendees probably just fell on the course through Google or preferably my site ;o)

I explained to the salesman that we would want to evaluate the course and that if the course was as good as he claimed there would be no harm in providing the eval course for free as we would have to come back for more. Needless to say he said no, which made me suspicious.

In all seriousness in order to evaluate such a course fully you have to send someone who has already attended at least one such course previously so that you have a benchmark from which to base the evaluation on. I try to explain to the providers that as a customer I'm already losing a guy for a week, paying for their accommodation for knowledge my guy most probably already possesses. You can also suggest to the provider that whoever attends the course provide substantial constructive feedback (sing for their supper). I can understand a provider's reticence where you evaluate a course by sending a newbie.

If all that fails and you still can't get a freebie ask if you can attend a future beta test of major revisions of the course you wish to attend. Or other courses offered so that you can at least test the facilities and knowledge of the instructors.

Talisker Security Tools Directory
http://www.securitywizardry.com

----- Original Message -----
From: "Rob Shein" <shoten () starpower net>
To: "'Andy Cuff [Talisker]'" <lists () securitywizardry com>; <pen-test () securityfocus com>
Sent: Friday, January 16, 2004 8:58 PM
Subject: RE: Ethical Hacking Training
One thing to watch out for is something Foundstone did at one point. They took note of the companies from which everyone came, and eventually ran a rather large advertisement which named every company that in any way competed with them, which further insinuated that these companies only knew what they knew from attending Foundstone training. I know this because the company I worked for at the time was named; one of our people had attended a seminar out of curiosity (he was let go as a result).