Home page logo
/

pauldotcom logo PaulDotCom mailing list archives

Re: Best ROI Combination - Metasploit & Training
From: Josh More <jmore () starmind org>
Date: Fri, 7 Dec 2012 22:30:07 -0600

When I went through that exercise, we also moved from Nexpose with
Metasploit Pro down to just Nexpose and are now working with Nessus and a
handful of other open source tools.  I think the primary determining factor
is whether you want your team's intelligence in the people or in the
tools.  Both are valid choices, of course, but if you've got the good
people who are likely to stick around, it's going to be cheaper in the long
run to boost them.

For SANS courses, I think that any of them would be good, but you should
pick the one that you are least comfortable attending. That will maximize
your learning and minimize the amount of time you spend rehashing what you
already know.  The trick, I've found, is to keep the learning going after
you take a class.  if you do that, the specific class isn't going to matter
as much as the fact that you have a continual improvement process focused
on your people.

-Josh More



On Fri, Dec 7, 2012 at 3:39 PM, Arch Angel <arch3angel () gmail com> wrote:

Good Afternoon Everyone,

Our company is reviewing vulnerability management suites and Metasploit
for validation and penetation testing.  Right now we are leaning towards
Rapid7, but would like others opinions on Qualys, McAfee, nCircle, and
Lumension.  Rght now Rapid7 wants to sell us Nexpose with Metasploit Pro
and training.  I don't believe this will have the best ROI.  I believe that
we could purchase NexPose, use Metasploit Community, and go to SANs for the
training.  I believe this will be less expensive and be an overall better
choice in the long haul.

If SANS is choosen what courses would be the best over all for this
project?

My opinion are these courses, in order:

     SEC560: Network Penetration Testing and Ethical Hacking
     SEC617: Wireless Ethical Hacking, Penetration Testing, and Defenses
     SEC542: Web App Penetration Testing and Ethical Hacking

What are your opinions?

Thanks All!

Robert
(arch3angel)

_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com

_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault