Home page logo

pen-test logo Penetration Testing mailing list archives

RE: Ethical Hacking Training
From: "Rob Shein" <shoten () starpower net>
Date: Tue, 20 Jan 2004 13:47:24 -0500

As much as I think that it's valuable for security personnel to know how
their attackers think and operate, I think this particular analogy is
flawed.  Hacking is not part of the job, necessarily, any more than flying
is part of the programmers job in this example. I have known many excellent
security officers who couldn't run an exploit (and never had), but who
really knew their stuff and put it to use in real-world environments.  It is
possible to know how to defend a network without knowing the details of how
to break into it; you're defending against concepts, not keystrokes.

-----Original Message-----
From: Tim,,, [mailto:tim () spang org] On Behalf Of Tim Gurney
Sent: Monday, January 19, 2004 5:10 PM
To: Steve Kemp
Cc: Jimi Thompson; pen-test () securityfocus com
Subject: Re: Ethical Hacking Training

Mostly i lurk on thsi list, this this is a topic i feel 
strongly about.

Let me give you an example, would you employ someone to write 
code for a real time fly by wire system who had no experience 
of doing it ? NO!

So why employ a security officer who has no idea how to hack. 
If you dont know how to do it, you wont know how others do it 
and you wont know how to stop it.

you need to have "played the game" to know where to look, and 
how to read between the lines and have contacts in the 
underground groups.

Yes i am speaking from experience, i am a free lanse security 
consultant, and i have played the other side of the fence 
while at uni, and i dont trust any security specialist who 
hasnt done the same.

just my 2p



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]