RE: Ethical Hacking Training

From: Rob Shein (shoten@starpower.net)
Date: Tue Jan 20 2004 - 13:47:24 EST

• Next message: Chris Kirschke: "Re: Ethical Hacking Training"
• Previous message: Alfred Huger: "Replies on the list."
• In reply to: Tim Gurney: "Re: Ethical Hacking Training"
• Next in thread: Don Parker: "Re: Ethical Hacking Training"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

As much as I think that it's valuable for security personnel to know how
their attackers think and operate, I think this particular analogy is
flawed. Hacking is not part of the job, necessarily, any more than flying
is part of the programmers job in this example. I have known many excellent
security officers who couldn't run an exploit (and never had), but who
really knew their stuff and put it to use in real-world environments. It is
possible to know how to defend a network without knowing the details of how
to break into it; you're defending against concepts, not keystrokes.

> -----Original Message-----
> From: Tim,,, [mailto:tim@spang.org] On Behalf Of Tim Gurney
> Sent: Monday, January 19, 2004 5:10 PM
> To: Steve Kemp
> Cc: Jimi Thompson; pen-test@securityfocus.com
> Subject: Re: Ethical Hacking Training
>
>
>
>
> Mostly i lurk on thsi list, this this is a topic i feel
> strongly about.
>
> Let me give you an example, would you employ someone to write
> code for a real time fly by wire system who had no experience
> of doing it ? NO!
>
> So why employ a security officer who has no idea how to hack.
> If you dont know how to do it, you wont know how others do it
> and you wont know how to stop it.
>
> you need to have "played the game" to know where to look, and
> how to read between the lines and have contacts in the
> underground groups.
>
> Yes i am speaking from experience, i am a free lanse security
> consultant, and i have played the other side of the fence
> while at uni, and i dont trust any security specialist who
> hasnt done the same.
>
> just my 2p
>
>
> --------------------------------------------------------------
> -------------
> --------------------------------------------------------------
> --------------
>
>

---------------------------------------------------------------------------
----------------------------------------------------------------------------

• Next message: Chris Kirschke: "Re: Ethical Hacking Training"
• Previous message: Alfred Huger: "Replies on the list."
• In reply to: Tim Gurney: "Re: Ethical Hacking Training"
• Next in thread: Don Parker: "Re: Ethical Hacking Training"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:46 EDT