[Hidden-tech] Firm to hire to try and hack our system

Neal Priestly neal.priestly at gmail.com
Tue Jul 5 08:36:27 EDT 2011


Andrew-

What's your goal, and what's the level of expertise you already have
in-house?  A simple in-house vulnerability scan is a completely different
animal from a full-on penetration test.  On the other hand, if you can't fly
through the first, you're likely wasting money on the second.  Odds are, if
whoever handles your tech is reasonably security minded then you're looking
at something at the lower end of that scale but not at the absolute bottom.
You don't want to engage a quality penetration tester unless 1) you've got
the basics covered or 2) you're looking to embark on a long term
consultative engagement to address security comprehensively over a series of
testing encounters.  (Unless, of course, you're dealing with a compliance
framework that requires periodic penetration testing - but usually people
working the check list parrot back the requirement when asking for
referrals.)

-Neal Priestly
 Free Range Technologist

On Mon, Jul 4, 2011 at 5:27 PM, <andrew at stakeholderscapital.com> wrote:

>   ** Be sure to fill out the survey/skills inventory in the member's area.
>   ** If you did, we all thank you.
>
>
> We would like to get estimates from firms who try to hack through security.
>
> If you do this, please contact me.
>
> Thanks,
> Andrew
> Sent from my BlackBerry® smartphone, powered by CREDO Mobile.
> _______________________________________________
> Hidden-discuss mailing list - home page: http://www.hidden-tech.net
> Hidden-discuss at lists.hidden-tech.net
>
> You are receiving this because you are on the Hidden-Tech Discussion list.
> If you would like to change your list preferences, Go to the Members
> page on the Hidden Tech Web site.
> http://www.hidden-tech.net/members
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.hidden-tech.net/pipermail/hidden-discuss/attachments/20110705/eace3cda/attachment.html 


Google

More information about the Hidden-discuss mailing list