Penetration Testing mailing list archives
RE: knowing their job (was: Re: Ethical Hacking Training
From: "Eric McCarty" <eric () lawmpd com>
Date: Tue, 20 Jan 2004 09:44:56 -0800
While everyone was busy conjuring up Google searches for relevant analogies I have thought about this issue and offer this advice.

1). To be successful at information security, you need to know how to hack. You can't just run Windows Update and pretend that's all there is to it. This means reading books, reviewing POC Code, keeping up on the latest vulns and exploits and recommended hardening procedures.

2). You will not learn how to hack in a week. I'm willing to bet a lot of the people in the infosec field today spent hours of our youth mass-mailing copies of Warcraft 2 using Fate or Ice on Aol 2.5 while phishing using Mass-IM'ers.

3). There is no reason for you not to know how to hack as well as secure, how to exploit as well as patch. What possible reason could there be for ignorance?

Eric McCarty
Sys Admin
InfoSec Officer

-----Original Message-----
From: Teicher, Mark (Mark) [mailto:teicher () avaya com]
Sent: Tuesday, January 20, 2004 9:01 AM
To: Meritt James; DeGennaro Gregory
Cc: Rob Shein; Andy Cuff [Talisker]; pen-test () securityfocus com
Subject: RE: knowing their job (was: Re: Ethical Hacking Training

James,

According to Sun Tzu author of "Art Of War" Attack by Stratagem in regards to "Ethical Hacking" Training

"The general, unable to control his irritation, will launch his men to the assault like swarming ants, with the result that one-third of his men are slain, while the town still remains untaken. Such are the disastrous effects of a siege"

-----Original Message-----
From: Meritt James [mailto:meritt_james () bah com]
Sent: Tuesday, January 20, 2004 9:50 AM
To: DeGennaro Gregory
Cc: Teicher, Mark (Mark); Rob Shein; Andy Cuff [Talisker]; pen-test () securityfocus com
Subject: knowing their job (was: Re: Ethical Hacking Training

In which event, they DON'T know their job, if their job is information systems security.

Jim

"DeGennaro, Gregory" wrote:
"Know your enemy" is nice, "know your job" is, in my opinion, better." There are a lot of professionals that know their job well and know nothing of Infosec.
--
James W. Meritt CISSP, CISA
Booz | Allen | Hamilton
phone: (410) 684-6566