RE: Ethical Hacking Training

["Rob Shein" <shoten () starpower net>]

As much as I think that it's valuable for security personnel to know how
their attackers think and operate, I think this particular analogy is
flawed.  Hacking is not part of the job, necessarily, any more than flying
is part of the programmers job in this example. I have known many excellent
security officers who couldn't run an exploit (and never had), but who
really knew their stuff and put it to use in real-world environments.  It is
possible to know how to defend a network without knowing the details of how
to break into it; you're defending against concepts, not keystrokes.

> -----Original Message-----
> From: Tim,,, [mailto:tim () spang org] On Behalf Of Tim Gurney
> Sent: Monday, January 19, 2004 5:10 PM
> To: Steve Kemp
> Cc: Jimi Thompson; pen-test () securityfocus com
> Subject: Re: Ethical Hacking Training
>
>
>
>
> Mostly i lurk on thsi list, this this is a topic i feel 
> strongly about.
>
> Let me give you an example, would you employ someone to write 
> code for a real time fly by wire system who had no experience 
> of doing it ? NO!
>
> So why employ a security officer who has no idea how to hack. 
> If you dont know how to do it, you wont know how others do it 
> and you wont know how to stop it.
>
> you need to have "played the game" to know where to look, and 
> how to read between the lines and have contacts in the 
> underground groups.
>
> Yes i am speaking from experience, i am a free lanse security 
> consultant, and i have played the other side of the fence 
> while at uni, and i dont trust any security specialist who 
> hasnt done the same.
>
> just my 2p
>
>
> --------------------------------------------------------------
> -------------
> --------------------------------------------------------------
> --------------


---------------------------------------------------------------------------
----------------------------------------------------------------------------