Why Ethical Hacker Training Fails

An excellent CI-related blog, Brand Killer Robots, offers this fun comparison of the black-hat hacker and the good guy training people to protect their assets.

Why have Ethical Hacker Training companies got it so wrong?

We ask, just who are the people that you are sending on Ethical hacker training courses and why are you sending them?

So let's first look at the white hats.

Profile: Computer Science graduate working in corporate IT for about 5 years, say, or network engineer or manager who has been treading the boards for about 7 years.

OK, now let's look at the black hats.

Profile: Yuan Lopez, 33, from Paraiba, Brazil (convicted 3 times for perjury, forgery and counterfeiting). Ex-bank worker and trader. 2 ex-wives, 10 kids and likes a little bit of the white snorty, snorty stuff every now and again.

OK now, let's look at the Ethical Hacker trainer.

Profile: Ex-Network Guru, Programmer, with an armload of IT security certificates, from here to Amsterdam. Tony also worked in the military intelligence services where he is used to working in high security IT environments. His forte is social engineering, where he tells loads of cool stories about intrusion and deception attacks (as presumably made up by Kevin Mitnick) and how they are commonplace and how through analogy you will learn many of the most frequent attack patterns.

Do you really think that Peter the IT engineer has a cat in hell's chance of repelling an attack from a sophisticated, finance-savvy bandit like Mr Juan Lopez? Just how many angles are there to an attack anyway? Can you really cover them all?
