Home page logo

pen-test logo Penetration Testing mailing list archives

RE: Ethical Hacking Training
From: "Don Parker" <dparker () rigelksecurity com>
Date: Tue, 20 Jan 2004 18:26:30 -0500 (EST)

That is very much flawed reasoning Rob. It is fine to understand things at a theoritical 
level. You do however also need to be able to implement things at a technical level as 
well. Take for example using an application layer f/w to help prevent the normal rash of 
exploit code sent against applications. Some will still get through depending on the 
programmers skill level. You will still need to recognize an egg when you see it on the 
wire though. This is what I mean by understanding not only the theoritical if you like, 
but also more importantly the technical as well. 

Not to open up another huge can of worms here but I liken your argument to "a CISSP will 
be able to do a fine job as a security officer". I would obviously disagree. You want 
someone with technical skills, and not the management type mindset and skill level. Each 
has their value. What is needed is though is a blend of both.


Don Parker, GCIA
Intrusion Detection Specialist
Rigel Kent Security & Advisory Services Inc
ph :613.249.8340

On Jan 20, "Rob Shein" <shoten () starpower net> wrote:

As much as I think that it's valuable for security personnel to know how
their attackers think and operate, I think this particular analogy is
flawed.  Hacking is not part of the job, necessarily, any more than flying
is part of the programmers job in this example. I have known many excellent
security officers who couldn't run an exploit (and never had), but who
really knew their stuff and put it to use in real-world environments.  It is
possible to know how to defend a network without knowing the details of how
to break into it; you're defending against concepts, not keystrokes.

<snip for b/w>


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]