Penetration Testing mailing list archives

RE: knowing their job (was: Re: Ethical Hacking Training


From: "Eric McCarty" <eric () lawmpd com>
Date: Tue, 20 Jan 2004 09:44:56 -0800

While everyone was busy conjuring up google searches for relevant
analogies I have thought about this issue and offer this advice.

1). To be successful at information security, you need to know how to
hack. You can't just run Windows Update and pretend that's all there is
to it. This means reading books, reviewing POC Code, keeping up on the
latest vulns and exploits and recommended hardening procedures.

2). You will not learn how to hack in a week. I'm willing to bet a lot
of the people in the infosec field today spent hours of our youth
mass-mailing copies of Warcraft 2 using Fate or Ice on AOL 2.5 while
phishing using Mass-IM'ers.

3). There is no reason for you not to know how to hack as well as
secure, how to exploit as well as patch. What possible reason could
there be for ignorance?

Eric McCarty
Sys Admin 
InfoSec Officer

-----Original Message-----
From: Teicher, Mark (Mark) [mailto:teicher () avaya com] 
Sent: Tuesday, January 20, 2004 9:01 AM
To: Meritt James; DeGennaro Gregory
Cc: Rob Shein; Andy Cuff [Talisker]; pen-test () securityfocus com
Subject: RE: knowing their job (was: Re: Ethical Hacking Training

James,

According to Sun Tzu, author of "Art Of War",
Attack by Stratagem in regards to "Ethical Hacking" Training

"The general, unable to control his irritation, will launch his men to
the assault like swarming ants, with the result that one-third of his
men are slain, while the town still remains untaken.  Such are the
disastrous effects of a siege"

-----Original Message-----
From: Meritt James [mailto:meritt_james () bah com] 
Sent: Tuesday, January 20, 2004 9:50 AM
To: DeGennaro Gregory
Cc: Teicher, Mark (Mark); Rob Shein; Andy Cuff [Talisker];
pen-test () securityfocus com
Subject: knowing their job (was: Re: Ethical Hacking Training

In which event, they DON'T know their job, if their job is information
systems security.

Jim

"DeGennaro, Gregory" wrote:

"Know your enemy" is nice, "know your job" is, in my opinion, better.

There are a lot of professionals that know their job well and know 
nothing of Infosec.

--
James W. Meritt CISSP, CISA
Booz | Allen | Hamilton
phone: (410) 684-6566


