Re: Starting a Pen-Testing Career
- From: comphelp@xxxxxxxxx (Todd H.)
- Date: 28 Oct 2006 00:34:15 -0500
"erewhon" <sminkypinky@xxxxxxxxxxx> writes:
>> 2) What is an average day of work like for you?
>
> As someone on the end of reading security audit reports, can you:
> 1 - write high-level management reports, with scare stories to generate more
> work?
> 2 - can you write down all the issues their own tech team tell you are
> issues, and present this as your own work?
> 3 - can you state the bleeding obvious in an important-looking document -
> 'you need to patch your systems, have firewalls & IDS, do more monitoring,
> QA your software, run up-to-date AV, limit admin accts, enforce password
> policy, limit physical access, review security logs....'. (Since every firm
> is always just one step behind in some area, you will always find an 'in').
> If they are fully up-to-date and compliant, can you scare them with 0-day
> exploits and more consultancy costs.
> 4 - can you steer someone else's cleverly written vulnerability scanner, and
> produce reams of pdf reports which justifies your pointless exercise and
> substantial contract fee

Pity.
Sounds like you have contracted someone doing vulnerability scanning
vs actual ethical hacking.
But it's funny cus the market does have a lot of such crap out there.
Best Regards,
--
Todd H.
http://www.toddh.net/