OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
RE: Now I truly have seen EVERYTHING!!

From: Jonathan Cran (jcran0x0e.org)
Date: Wed Aug 26 2009 - 12:33:55 CDT

Yep, requiring PM isn't as strange as you might think. Pentesting ends up being a lot of mini-project management by the time you take everyone's input into what questions need to be answered (who / what are you trying to protect against?) and manage their expectations for contact and deliverables.

It is a bit strange to require both in the same person, but I can definitely see the value in knowing how to handle larger projects and do security testing...


jcran

> -----Original Message-----
> From: listbouncesecurityfocus.com
> [mailto:listbouncesecurityfocus.com] On Behalf Of
> Bobby.Clarkesealedair.com
> Sent: Tuesday, August 25, 2009 4:35 PM
> To: listbouncesecurityfocus.com; Pentest
> Subject: Re: Now I truly have seen EVERYTHING!!
>
> If the organization uses a PMO to manage projects and follow a
> particular
> project management methodology this makes sense. We have worked with
> several major security organizations whose staff were PMP certified
> along
> with CISSP and GIAC certifications.
>
> Bobby Clarke CISSP, GSEC, GCIH, GSAE
>
>
>
>
>
> Jon Kibler <Jon.Kibleraset.com>
> Sent by: listbouncesecurityfocus.com
> 08/24/2009 03:13 PM
> Please respond to
> Jon.Kibleraset.com
>
>
> To
> Pentest <pen-testsecurityfocus.com>
> cc
>
> Subject
> Now I truly have seen EVERYTHING!!
>
>
>
>
>
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> I was scanning through Dice looking for a new pen testing gig and came
> across this:
>
> http://seeker.dice.com/jobsearch/servlet/JobSearch?op=302&dockey=xml/c/
> 0/c00ff435b99c8c09afa2fd2244437289endecaindex&source=19&FREE_TEXT=%22p
> enetration+test%22+CEH+GIAC+hacker&rating=99
>
>
> For a Security Architect / Pen Tester gig, they want PMP
> certification?? I
> guess
> they must now include a lot of security requirements to become a
> certified
> project manager!
>
> What next?
>
> Jon K
> - --
> Jon R. Kibler
> Chief Technical Officer
> Advanced Systems Engineering Technology, Inc.
> Charleston, SC USA
> o: 843-849-8214
> c: 843-813-2924 (NEW!)
> s: 843-564-4224
> http://www.linkedin.com/in/jonrkibler
>
> My PGP Fingerprint is:
> BAA2 1F2C 5543 5D25 4636 A392 515C 5045 CF39 4253
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.8 (Darwin)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
>
> iEYEARECAAYFAkqSbWsACgkQUVxQRc85QlMWlQCfSmiJQXcqOSoScE6yGjdAeGre
> z6oAoIfWRbJWWNtYqdYTB0U7KXNJi1q6
> =UBud
> -----END PGP SIGNATURE-----
>
>
>
>
> ==================================================
> Filtered by: TRUSTEM.COM's Email Filtering Service
> http://www.trustem.com/
> No Spam. No Viruses. Just Good Clean Email.
>
>
> -----------------------------------------------------------------------
> -
> This list is sponsored by: Information Assurance Certification Review
> Board
>
> Prove to peers and potential employers without a doubt that you can
> actually do a proper penetration test. IACRB CPT and CEPT certs require
> a
> full practical examination in order to become certified.
>
> http://www.iacertification.org
> -----------------------------------------------------------------------
> -
>
>
> -----------------------------------------------------------------------
> -
> This list is sponsored by: Information Assurance Certification Review
> Board
>
> Prove to peers and potential employers without a doubt that you can
> actually do a proper penetration test. IACRB CPT and CEPT certs require
> a full practical examination in order to become certified.
>
> http://www.iacertification.org
> -----------------------------------------------------------------------
> -