Home page logo

pen-test logo Penetration Testing mailing list archives

Re: Ethical Hacking Training
From: "Chris Kirschke" <durnie () hushmail com>
Date: Tue, 20 Jan 2004 13:05:24 -0800

Hash: SHA1


I disagree strongly with your statement "So why employ a security officer
who has no idea how to hack."  I would not hire a technical staff level
person that doesn't know the ins & outs of "hacking" per se, I would
however hire a "security officer" that doesn't. An officer level position
isn't someone that sits and hacks, but spends the majority of their time
developing policy, strategy, budgets, project plans, managing staff,
etc... I cna tell you from experience that most "security officers" in
the Financial Services aren't spending their spare time "hacking" but
enjoying the time they get :-)

Or maybe we have different definitions of "officer: :-)


On Mon, 19 Jan 2004 14:10:27 -0800 Tim Gurney <tim () offswn net> wrote:

Mostly i lurk on thsi list, this this is a topic i feel strongly

Let me give you an example, would you employ someone to write code
for a
real time fly by wire system who had no experience of doing it ?

So why employ a security officer who has no idea how to hack. If
you dont
know how to do it, you wont know how others do it and you wont know
how to
stop it.

you need to have "played the game" to know where to look, and how
to read
between the lines and have contacts in the underground groups.

Yes i am speaking from experience, i am a free lanse security consultant,

and i have played the other side of the fence while at uni, and i
trust any security specialist who hasnt done the same.

just my 2p


Note: This signature can be verified at https://www.hushtools.com/verify
Version: Hush 2.3



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]