Tuesday, 31 March 2009

Security Tidbits #2

Hacking + business savvy
Hackers and technical wizards who like to break things usually have their own l33t speak. Unfortunately, this does not translate very well in business. It's like speaking two different languages, hacker talk and business spiel. You could argue it's more than two, as you could be dealing with management, general IT and the helpdesk, all of whom speak a different language. Anyway, in security consultancy you do have to talk to the client and explain things in an easily understandable way, essentially in their language. This is well discussed in this securityfocus column. So it's like someone told me: "l33t speak evolved" and "pwntry with a touch of class".

Disclosure
Hackers and pen-testers naturally like to show off what exactly they can do by releasing vulnerabilities and attacks. This securityfocus column discusses how some MIT students were gagged by the MBTA from demonstrating their research at Defcon, despite having been in discussions with them. Unfortunately, it is usual to shoot the messenger! There have been many times when a vulnerability has been found and the vendor contacted, but very little happens for months. Hence some vulnerabilities are released months, even years, after they were originally found. Should a vulnerability be released despite the contact with the vendor? Arguably it should be. If a customer has this issue, they should be aware of it and would like a solution. Ultimately it's the responsibility of the vendor. But unfortunately, it's usually the man-in-the-middle, the messenger, the security tester, that gets the heat!

1 comment:

Kim said...

Thanks for supporting the idea of 360 degree feedback. I’ve seen it create division in senior teams when handled incorrectly and seen transformation happen when used elegantly. It’s all about the intention and skill of those who facilitate the process.
Buy Medicine