Security Basics mailing list archives

RE: Identifying passion for security?

From: "Shain Singh" <shain.singh () aapt com au>
Date: Tue, 5 Dec 2006 19:20:44 +1100

andy cuff wrote:


So how would you identify passion quickly, personally I like 
what cons have you 
been to? If they are passionate but poor they would reply 
none but I'd like 
to ....  What books have they bought,    what tools do they 
use    what sites 
do they visit      email them at night and see how long it 
takes them to reply


You can identify someone who knows about security I think if they can reply
with something more than "I know about CheckPoint/Cisco PIX/[insert Vendor
name here] firewall" - then you know you're dealing with someone who treats
Security as a buzzword or an afterthought of being a SysAdmin.

In an ideal world a SysAdmin is the Security Administrator, but hey I
remember 20 years ago when knowing how to fix computers meant you pretty
much knew everything there was to know about computers (within reason of
course).

It's such a broad area nowadays that it really depends on what roles you're
talking about, acting as a consultant for Risk Management and doing security
audits is different to being a Penetration Tester.

Tools-wise you can't go past someone who knows their Perl, C, bit of
Assembly thrown in with a good mix of the trusty old nmap, netcat and
tcpdump.

Most people nowadays would be able to learn how to use Nessus, or even
easier the Metasploit Framework to make cracking a breeze.

Maybe I'm getting jaded and showing my age too ;)


--
Shaineel Singh
MakePeace Media LTD
 
http://mpm.org.au/shsingh
pgp id:  0xA9D8D351
fp: 38 0D A8 C8 74 A2 33 5E CE 0E 5A FA D5 A0 04 7C
 
This message was written entirely with recycled electrons.


---------------------------------------------------------------------------
This list is sponsored by: ByteCrusher

Detect Malicious Web Content and Exploits in Real-Time.
Anti-Virus engines can't detect unknown or new threats.
LinkScanner can. Web surfing just became a whole lot safer.

http://www.explabs.com/staging/promotions/xern_lspro.asp?loc=sfmaildetect
---------------------------------------------------------------------------

Current thread:

Identifying passion for security? andy cuff (Dec 04)
- RE: Identifying passion for security? Shain Singh (Dec 06)
- RE: Identifying passion for security? Don Parker (Dec 06)
- Re: Identifying passion for security? Jason Muskat, GCFA, GCUX, de VE3TSJ (Dec 06)
- Re: Identifying passion for security? Morgan Reed (Dec 06)
- Re: Identifying passion for security? Justin Lintz (Dec 06)
- <Possible follow-ups>
- Re: Identifying passion for security? krymson (Dec 06)
- RE: Identifying passion for security? Krpata, Tyler (Dec 08)
- Re: RE: Identifying passion for security? bardotherevolting (Dec 12)
  - Re: RE: Identifying passion for security? Yousef Syed (Dec 12)
    - RE: RE: Identifying passion for security? Shain Singh (Dec 14)
  - Re[3]: Identifying passion for security? Roman Shirokov (Dec 13)

(Thread continues...)