Home page logo

pen-test logo Penetration Testing mailing list archives

Re: Ethical Hacking Training
From: "Don Parker" <dparker () rigelksecurity com>
Date: Fri, 16 Jan 2004 18:56:40 -0500 (EST)

Evening gentlemen/ladies, this is one sore spot for me. These "Ethical Hacking" courses 
and others along this vein. These vendors need to be far more clear, as to exactly what a 
student will come away with, and what they should have knowledge wise prior to attending. 
I recently sent some feedback to Information Security Magazine in regards to their 
Technical Editor's take on one such course, (and the technical errors in his column).  The 
problem is that the security industry as a whole is becoming one big money machine. 

These courses are giving people unrealistic expectations of what they will know after one 
of these 1 week courses. Nothing wrong with trying to make a dollar, but one should be 
honest as well in the process. It is doing a great disservice to the industry as a whole 
to make people think that they will be a "hacker" after a 1 week course. It should be 
clearly stated that these courses are but an introduction into the world of the true 
hacker. It will be up to the student to make of it what they will, and then build upon it. 
Showing people what "Ethical Hacking" is all about is a laudable goal. The thing is we 
must not forget our own ethics along the way to doing so in pursuit of the almight dollar.

Sorry for the rant folks, but this hits a sore spot for me. 


Don Parker, GCIA
Intrusion Detection Specialist
Rigel Kent Security & Advisory Services Inc
ph :613.249.8340

On Jan 16, "Andy Cuff [Talisker]" <lists () securitywizardry com> wrote:

Hi Rob,
I've seen something related this week, where a different up and coming
training company were insisting that their training must be good because
Intelligence Organisation X and Military Unit Y had used them in the past.
When in reality the attendees probably just fell on the course through
Google or preferably my site ;o)
I explained to the salesman that we would want to evaluate the course and
that if the course was as good as he claimed there would be no harm in
providing the eval course for free as we would have to come back for more.
Needless to say he said no, which made me suspicious.

In all seriousness in order to evaluate such a course fully you have to send
someone who has already attended at least one such course previously so that
you have a benchmark from which to base the evaluation on.  I try to explain
to the providers that as a customer I'm already losing a guy for a week,
paying for their accommodation for knowledge my guy most probably already
possesses.  You can also suggest to the provider that whoever attends the
course provide substantial constructive feedback (sing for their supper) I
can understand a providers reticence where you evaluate a course by sending
a newbie
If all that fails and you still can't get a freebie ask if you can attend a
future beta tests of  major revisions of the course you wish to attend.  Or
other courses offered so that you can at least test the facilities and
knowledge of the instructors.

Talisker Security Tools Directory
<a href='http://www.securitywizardry.com&apos;>http://www.securitywizardry.com</a>
----- Original Message ----- 
From: "Rob Shein" <shoten () starpower net>
To: "'Andy Cuff [Talisker]'" <lists () securitywizardry com>;
<pen-test () securityfocus com>
Sent: Friday, January 16, 2004 8:58 PM
Subject: RE: Ethical Hacking Training

One thing to watch out for is something Foundstone did at one point.  They
took note of the companies from which everyone came, and eventually ran a
rather large advertisement which named every company that in any way
competed with them, which further insinuated that these companies only
what they knew from attending Foundstone training.  I know this because
company I worked for at the time was named; one of our people had attended
seminar out of curiosity (he was let go as a result).



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]