[Fwd: Re: My Frustrations]



Sat Jagat Singh wrote:

Having read your blog post, I would say that I share some of these
frustrations. But many organizations are really only trying to cover
their asses and put a check in the box to say that, yes we got an
assessment done to satisfy the letter of the regulations. These are
companies that are more concerned about the cost of the project than the
actual security. While such people tend to get what they deserve, it
does create a negative reputation for the profession as a whole.

Yes, I do think it is a "profession", but we have not
"professionalized" ourselves by requiring licensing. The industry
reliance on certification rather than licensing as a credential somewhat
serves to muddy the waters because the decision makers hiring security
consultants don't really know what a given certification covers. We
could debate the value of different certifications until the cows come
home but I don't want to insult anyone and we can probably agree that
too many of them do not guarantee that the holder has real
qualifications and the security unsavvy will never really know how to
evaluate that. More and more I lean toward some form of professional
licensure. One of the states will have to move in this direction before
a serious debate about it will be opened. Until then, caveat emptor.


--- On Wed, 12/17/08, Adriel T. Desautels <ad_lists@xxxxxxxxxxxxx> wrote:


From: Adriel T. Desautels <ad_lists@xxxxxxxxxxxxx>
Subject: My Frustrations
To: "pen-test list" <pen-test@xxxxxxxxxxxxxxxxx>
Date: Wednesday, December 17, 2008, 11:19 AM
I recently wrote this blog entry and wanted to get some
comments from readers of this list. I'm frustrated with
the caliber of the people that are offering security
services and posing as experts, that's the subject of the
post. Please comment, insult, whatever... I'm
interested.

http://snosoft.blogspot.com/


Adriel T. Desautels
ad_lists@xxxxxxxxxxxxx




------------------------------------------------------------------------
This list is sponsored by: Cenzic

Security Trends Report from Cenzic
Stay Ahead of the Hacker Curve!
Get the latest Q2 2008 Trends Report now

www.cenzic.com/landing/trends-report
------------------------------------------------------------------------








"More and more I lean toward some form of professional licensure. One
of the states will have to move in this direction before a serious
debate about it will be opened. Until then, caveat emptor."

That makes the most sense. Now if it was only doable.

Maybe someone, with previous experience in IT that is a politician,
could move something like this forward.

I can foresee the future if that happens, though. Big companies with
lots of money would hire lobbyists to sway laws in directions that
limit their competition.

Sometimes, market and politics are a dangerous mix.





