Re: Ethical Hacking Training

From: Chris Kirschke (durnie@hushmail.com)
Date: Tue Jan 20 2004 - 16:05:24 EST


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Tim,

I disagree strongly with your statement "So why employ a security officer
who has no idea how to hack." I would not hire a technical staff level
person that doesn't know the ins & outs of "hacking" per se, I would
however hire a "security officer" that doesn't. An officer level position
isn't someone that sits and hacks, but spends the majority of their time
developing policy, strategy, budgets, project plans, managing staff,
etc... I cna tell you from experience that most "security officers" in
the Financial Services aren't spending their spare time "hacking" but
enjoying the time they get :-)

Or maybe we have different definitions of "officer: :-)

durnie

On Mon, 19 Jan 2004 14:10:27 -0800 Tim Gurney <tim@offswn.net> wrote:
>
>>
>Mostly i lurk on thsi list, this this is a topic i feel strongly
>about.
>
>Let me give you an example, would you employ someone to write code
>for a
>real time fly by wire system who had no experience of doing it ?
>NO!
>
>So why employ a security officer who has no idea how to hack. If
>you dont
>know how to do it, you wont know how others do it and you wont know
>how to
>stop it.
>
>you need to have "played the game" to know where to look, and how
>to read
>between the lines and have contacts in the underground groups.
>
>Yes i am speaking from experience, i am a free lanse security consultant,

>>
>and i have played the other side of the fence while at uni, and i
>dont
>trust any security specialist who hasnt done the same.
>
>just my 2p
>
>
>----------------------------------------------------------------
>-----------
>----------------------------------------------------------------
>------------
>
>
>
-----BEGIN PGP SIGNATURE-----
Note: This signature can be verified at https://www.hushtools.com/verify
Version: Hush 2.3

wkYEARECAAYFAkANmLIACgkQ3UH5NRolsbajFwCePtpMI3o3x2YEwywwSCGlbapzlLIA
nicbUOAY8r9JaBjV8rl9z8hUo89Y
=DGkF
-----END PGP SIGNATURE-----

---------------------------------------------------------------------------
----------------------------------------------------------------------------



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:46 EDT