Penetration Testing mailing list archives
RE: Ethical Hacking Training
From: "Rob Shein" <shoten () starpower net>
Date: Tue, 20 Jan 2004 13:47:24 -0500
As much as I think that it's valuable for security personnel to know how their attackers think and operate, I think this particular analogy is flawed. Hacking is not part of the job, necessarily, any more than flying is part of the programmers job in this example. I have known many excellent security officers who couldn't run an exploit (and never had), but who really knew their stuff and put it to use in real-world environments. It is possible to know how to defend a network without knowing the details of how to break into it; you're defending against concepts, not keystrokes.
-----Original Message----- From: Tim,,, [mailto:tim () spang org] On Behalf Of Tim Gurney Sent: Monday, January 19, 2004 5:10 PM To: Steve Kemp Cc: Jimi Thompson; pen-test () securityfocus com Subject: Re: Ethical Hacking Training Mostly i lurk on thsi list, this this is a topic i feel strongly about. Let me give you an example, would you employ someone to write code for a real time fly by wire system who had no experience of doing it ? NO! So why employ a security officer who has no idea how to hack. If you dont know how to do it, you wont know how others do it and you wont know how to stop it. you need to have "played the game" to know where to look, and how to read between the lines and have contacts in the underground groups. Yes i am speaking from experience, i am a free lanse security consultant, and i have played the other side of the fence while at uni, and i dont trust any security specialist who hasnt done the same. just my 2p -------------------------------------------------------------- ------------- -------------------------------------------------------------- --------------
--------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- RE: Ethical Hacking Training, (continued)
- RE: Ethical Hacking Training Rob Shein (Jan 16)
- Re: Ethical Hacking Training Andy Cuff [Talisker] (Jan 16)
- RE: Ethical Hacking Training rob (Jan 18)
- Re: Ethical Hacking Training Jeremiah Cornelius (Jan 18)
- Re: Ethical Hacking Training Andy Cuff [Talisker] (Jan 16)
- SUMMARY: Re: Ethical Hacking Training Andy Cuff [Talisker] (Jan 19)
- RE: Ethical Hacking Training charl van der walt (Jan 16)
- RE: Ethical Hacking Training Teicher, Mark (Mark) (Jan 18)
- Re: Ethical Hacking Training Jimi Thompson (Jan 19)
- Re: Ethical Hacking Training Steve Kemp (Jan 19)
- Re: Ethical Hacking Training Tim Gurney (Jan 20)
- RE: Ethical Hacking Training Rob Shein (Jan 20)
- Re: Ethical Hacking Training Jimi Thompson (Jan 19)
- RE: Ethical Hacking Training Rob Shein (Jan 16)
- RE: Ethical Hacking Training Pete Herzog (Jan 19)
- Re: Ethical Hacking Training Mike Hoskins (Jan 20)
- Re: Ethical Hacking Training Meritt James (Jan 19)
- Re: Ethical Hacking Training Stormwalker (Jan 20)
- RE: Ethical Hacking Training Kurt (Jan 20)
- Re: Ethical Hacking Training Kevin Johnson (Jan 20)