From: Teicher, Mark (Mark) (teicher@avaya.com)
Date: Tue Jan 20 2004 - 13:08:26 EST
Eric,
I disagree, although you do have some valid points. To be successful,
one needs to have hands-on knowledge of various operating system
administration, configuration, security. The other aspect, one needs to
have a good development background to understand whether published
exploits actually are valid and are then applicable to the systems one
maintains.
/mark
-----Original Message-----
From: Eric McCarty [mailto:eric@lawmpd.com]
Sent: Tuesday, January 20, 2004 10:45 AM
To: Teicher, Mark (Mark); Meritt James; DeGennaro Gregory
Cc: Rob Shein; Andy Cuff [Talisker]; pen-test@securityfocus.com
Subject: RE: knowing their job (was: Re: Ethical Hacking Training
While everyone was busy conjuring up google searches for relevant
analogies I have thought about this issue and offer this advice.
1). To be successful at information security, you need to know how to
hack. You can't just run Windows Update and pretend that's all there is
to it. This means reading books, reviewing POC Code, keeping up on the
latest vuln's and exploits and recommended hardening procedures.
2). You will not learn how to hack in a week. I'm willing to bet a lot
of the people in the infosec field today spent hours of our youth
mass-mailing copies of Warcraft 2 using Fate or Ice on Aol 2.5 while
phishing using Mass-IM'ers.
3). There is no reason for you not to know how to hack as well as
secure, how to exploit as well as patch. What possible reason could
there be for ignorance?.
Eric McCarty
Sys Admin
InfoSec Officer
-----Original Message-----
From: Teicher, Mark (Mark) [mailto:teicher@avaya.com]
Sent: Tuesday, January 20, 2004 9:01 AM
To: Meritt James; DeGennaro Gregory
Cc: Rob Shein; Andy Cuff [Talisker]; pen-test@securityfocus.com
Subject: RE: knowing their job (was: Re: Ethical Hacking Training
James,
According to Sun Tzu author of "Art Of War"
Attack by Strategem in regards to "Ethical Hacking" Training
"The general, unable to control his irritation, will launch his men to
the assault like swarming ants, with the result that one-third of his
men are slain, while the town still remains untaken. Such are the
disastrous effects of a siege"
-----Original Message-----
From: Meritt James [mailto:meritt_james@bah.com]
Sent: Tuesday, January 20, 2004 9:50 AM
To: DeGennaro Gregory
Cc: Teicher, Mark (Mark); Rob Shein; Andy Cuff [Talisker];
pen-test@securityfocus.com
Subject: knowing their job (was: Re: Ethical Hacking Training
In which event, they DON'T know their job, if their job is information
systems security.
Jim
"DeGennaro, Gregory" wrote:
>
> "Know your enemy" is nice, "know your job" is, in my opinion, better."
>
> There are a lot of professionals that know their job well and know
> nothing of Infosec.
-- James W. Meritt CISSP, CISA Booz | Allen | Hamilton phone: (410) 684-6566 ------------------------------------------------------------------------ --- ------------------------------------------------------------------------ ---- --------------------------------------------------------------------------- ----------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:46 EDT