Penetration Testing mailing list archives
Re: Penetration tester or Ethical hacker future?
From: "crazy frog crazy frog" <i.m.crazy.frog () gmail com>
Date: Sun, 2 Sep 2007 18:25:56 +0530
Comments inline....
Most of you would be agreed that penetration testing market has became commodity. Moreover as a penetration tester, I agree that automated penetration testing tools like Core IMPACT, etc can never replace us as we still need to verify all the findings and identify false positive. Nothing wrong with those automated tools, I think really it's a great tool!
Everyone require some kind of tools to automate the task. Obiviously if you have a large network you are not going to manually check every port,service by your self.For that you need such tools.But these tools alone can not do the work you need qualified person who understand the results and then move forward with his own.
A decent penetration tester would typically have a broad range of IT skills from Operating System, Network to Programming. I also need to mention that these broad range of skills are not something that you could gain by working for 2-3 years, I believe that a good penetration tester could gain these broad ranges of skill in at least 5 years? Maybe more or less depending the person I guess. So I would expect for a company to hire these kind of penetration testers they need to spend a little bit of cash for their wages. To sum up, I think a penetration tester or ethical hacker has highly technical skills.
Yes skills are required.But it depends on the person to person .Every one grow with the time.
At the end of the day, Business is business. Who cares if you possess highly technical skills? The business and its people especially the C-executive level are only interested Whether your highly technical skill can bring more revenue or money to them? Right?
NO!!Don't think so.Up to a point you can impress client with your words after that you need to prove your self.Your work.if you don't do good work it will work first time Next time dont expect that client to give you another contract.
It is interesting that the top major reason why business now days considering pen testing on its agenda is because of compliance and as part of risk management agenda rather than security wise they need it or fear of someone can break in. So I strongly believe COMPLIANCE is still the main reason for any vulnerability testing activities in the company.
Compliance is one of the primary reason but it is not the alone.There are many more.If someone outsourcing his work then data security is the primary concern for him.
Now the question, I really want to know what is your thought on where the penetration testing market is going? Will the penetration tester job description will change over time because of the evolution of automated tools?
So far it looks good for next few years.We can not say its in mature state like antivirus. There is no universally accepted standards.You can say that it is just starting up to take the pace. HTH-- --------------------------------------- there is a contest on secgeeks: http://secgeeks.com/announcing_secgeeks_contest.html register here:- http://secgeeks.com/user/register rss feeds :- http://secgeeks.com/node/feed http://www.newskicks.com Submit and kick for new stories from all around the world. --------------------------------------- ------------------------------------------------------------------------ This list is sponsored by: Cenzic Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today! http://www.cenzic.com/downloads ------------------------------------------------------------------------
Current thread:
- Re: Penetration tester or Ethical hacker future? James Kelly (Sep 04)
- <Possible follow-ups>
- Re: Re: Penetration tester or Ethical hacker future? shyaam (Sep 04)
- Re: Penetration tester or Ethical hacker future? crazy frog crazy frog (Sep 04)