From: Derek Fountain (derekfountainyahoo.co.uk)
Date: Fri Jul 17 2009 - 16:35:47 CDT

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> However, I take issue with this:
>
>> • Ask them for the names of their security experts and then use tools
>> like Google, LinkedIn, Facebook and PIPL to do research on those
>> experts. If nothing comes up then chances are their experts aren’t
>> experts at all.

Yeah, I bristled at that too - apparently if you're not on those sites
you can't be an expert!

I was actually more aggrieved on the final point: the assumption that an
organisation that hasn't publicly demonstrated its research capabilities
on a selection of websites can't perform quality testing. Maybe I
misunderstand the point? It appears to be saying that in order to
demonstrate my abilities I should be doing research on, er, unspecified
things, then publishing the results of my research on the given
vulnerability databases? Personally, I don't do "research" of that
nature; what's the argument that says I need to do that in order to be
able to do quality testing on client's systems?

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]