Home page logo
/

pen-test logo Penetration Testing mailing list archives

Re: My Frustrations
From: Alex Moen <alexm () ndtel com>
Date: Thu, 18 Dec 2008 09:31:28 -0600

Adriel,

I am, by no means whatsoever, an experienced, professional, or even focused pentester, but rather an experienced, profesional, focused network administrator that is very interested in pen testing for my own knowledge and security of my systems. I would expect some questions like the ones that you are discussing to come from someone like me... :)

However, I do agree with you that someone calling themselves a security professional or pentester, and charging for their services, should not be asking "basic" or low-level questions, especially on a public forum such as this. I would think that there would be a level of pride or whatever that would prevent that to a degree, however, I have always lived by the idea that there is nothing wrong with asking questions, nor are there any stupid questions. At least the professional that is asking questions is trying to improve himself in this regard, and is probably sensitive to his limitations... The people that really get to me are the ones who do not ask any questions and are secure that they know everything and that they are always right, even when I can prove them wrong. I sometimes ask some pretty silly questions in respect to my job, although they don't always seem silly at the time of the asking and earn a heel-of-the-palm-to-the-forehead from myself in retrospect.

This is not a problem isolated to the security professional world, however. It is, afaik, in *every* profession. Our company does web and e-mail hosting, PC repair, and network services as well as ISP services, and we have competition in all of those arenas. Some of the competitors are competent professionals, others are fly-by-night half-wits that talk themselves into the graces of the customers. Those customers eventually get burned and come back to us. It is really up to the customer to determine whom to trust and not to trust, and to do background checks and get information and referrals about the companies that they are doing business with, and if they get burned it is no one's fault but their own. Also, it may be a company trying to save a few bucks by hiring the cheapest workforce that they can, rather than the best. For whatever reason, tho, the poor performers never seem to go out of business and keep rearing their ugly heads and leaving messes for the rest of us to clean up...

Anyway, that's my 2 cents on the whole issue. Hopefully my opinion doesn't earn a bunch of flames. Just keep doing the best job that you can, and remember that the cream always flows to the top.

Alex



Adriel T. Desautels wrote:
I recently wrote this blog entry and wanted to get some comments from readers of this list. I'm frustrated with the caliber of the people that are offering security services and posing as experts, thats the subject of the post. Please comment, insult, whatever... I'm interested.

http://snosoft.blogspot.com/


Adriel T. Desautels
ad_lists () netragard com




------------------------------------------------------------------------
This list is sponsored by: Cenzic

Security Trends Report from Cenzic
Stay Ahead of the Hacker Curve!
Get the latest Q2 2008 Trends Report now

www.cenzic.com/landing/trends-report
------------------------------------------------------------------------

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Security Trends Report from Cenzic
Stay Ahead of the Hacker Curve!
Get the latest Q2 2008 Trends Report now

www.cenzic.com/landing/trends-report
------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]