Comments on: The Dilution of Pentesting http://danielmiessler.com/blog/the-dilution-of-pentesting grep understanding Sun, 29 Jan 2012 20:44:46 +0000 hourly 1 http://wordpress.org/?v=3.3.1 By: Alex Hutton http://danielmiessler.com/blog/the-dilution-of-pentesting/comment-page-1#comment-2208 Alex Hutton Sat, 17 Dec 2005 15:24:29 +0000 http://dmiessler.com/archives/594#comment-2208 <p>Penetration Testing is already seen as a commodity. Work plans that were $50,000 4 years ago are now awareded for $12,000. CFO's don't care. To make matters worse, you might be asked for a Risk Assessment, and be underbid by two guys a laptop and Nessus performing a Vulnerability Assessment and taking advantage of uneducated consumers.</p> Penetration Testing is already seen as a commodity. Work plans that were $50,000 4 years ago are now awareded for $12,000. CFO’s don’t care. To make matters worse, you might be asked for a Risk Assessment, and be underbid by two guys a laptop and Nessus performing a Vulnerability Assessment and taking advantage of uneducated consumers.

]]> By: Alex Hutton http://danielmiessler.com/blog/the-dilution-of-pentesting/comment-page-1#comment-245669 Alex Hutton Sat, 17 Dec 2005 15:24:00 +0000 http://dmiessler.com/archives/594#comment-245669 <p>Penetration Testing is already seen as a commodity. Work plans that were $50,000 4 years ago are now awareded for $12,000. CFO's don't care. To make matters worse, you might be asked for a Risk Assessment, and be underbid by two guys a laptop and Nessus performing a Vulnerability Assessment and taking advantage of uneducated consumers.</p> Penetration Testing is already seen as a commodity. Work plans that were $50,000 4 years ago are now awareded for $12,000. CFO’s don’t care. To make matters worse, you might be asked for a Risk Assessment, and be underbid by two guys a laptop and Nessus performing a Vulnerability Assessment and taking advantage of uneducated consumers.

]]> By: Daniel http://danielmiessler.com/blog/the-dilution-of-pentesting/comment-page-1#comment-2192 Daniel Wed, 14 Dec 2005 15:02:24 +0000 http://dmiessler.com/archives/594#comment-2192 <p>Good points. :)</p> Good points. :)

]]> By: Daniel http://danielmiessler.com/blog/the-dilution-of-pentesting/comment-page-1#comment-245668 Daniel Wed, 14 Dec 2005 15:02:00 +0000 http://dmiessler.com/archives/594#comment-245668 <p>Good points. :)</p> Good points. :)

]]> By: Rob http://danielmiessler.com/blog/the-dilution-of-pentesting/comment-page-1#comment-2191 Rob Wed, 14 Dec 2005 14:38:13 +0000 http://dmiessler.com/archives/594#comment-2191 <p>Won't experience continue to separate the men from the boys? Maybe this will help the very best to service more customers more efficiently, and reduce customer costs.</p> <p>Besides, someone wrote that information security is not a permanent cashcow. When new o/s technologies arrive on the scene, much of the status quo will become obsolete. Nothing stays the same forever, except maybe for the idiocy. Since those new technologies will probably also protect users from themselves, perhaps even idiocy will be diluted as well.</p> Won’t experience continue to separate the men from the boys? Maybe this will help the very best to service more customers more efficiently, and reduce customer costs.

Besides, someone wrote that information security is not a permanent cashcow. When new o/s technologies arrive on the scene, much of the status quo will become obsolete. Nothing stays the same forever, except maybe for the idiocy. Since those new technologies will probably also protect users from themselves, perhaps even idiocy will be diluted as well.

]]> By: Rob http://danielmiessler.com/blog/the-dilution-of-pentesting/comment-page-1#comment-245667 Rob Wed, 14 Dec 2005 14:38:00 +0000 http://dmiessler.com/archives/594#comment-245667 <p>Won't experience continue to separate the men from the boys? Maybe this will help the very best to service more customers more efficiently, and reduce customer costs.</p> <p>Besides, someone wrote that information security is not a permanent cashcow. When new o/s technologies arrive on the scene, much of the status quo will become obsolete. Nothing stays the same forever, except maybe for the idiocy. Since those new technologies will probably also protect users from themselves, perhaps even idiocy will be diluted as well.</p> Won’t experience continue to separate the men from the boys? Maybe this will help the very best to service more customers more efficiently, and reduce customer costs.

Besides, someone wrote that information security is not a permanent cashcow. When new o/s technologies arrive on the scene, much of the status quo will become obsolete. Nothing stays the same forever, except maybe for the idiocy. Since those new technologies will probably also protect users from themselves, perhaps even idiocy will be diluted as well.

]]> By: Dave http://danielmiessler.com/blog/the-dilution-of-pentesting/comment-page-1#comment-2189 Dave Tue, 13 Dec 2005 23:09:06 +0000 http://dmiessler.com/archives/594#comment-2189 <p>I think you've just found the line between Analysts and Engineers.</p> <p>A growing trend in security is to lower the costs of it. Companies are starting to hire one or two Engineers and leave the rest of the work to Analysts. Like the System Admin and Operator scenario.</p> <p>Sorry to spam the hell out of your blog today =)</p> I think you’ve just found the line between Analysts and Engineers.

A growing trend in security is to lower the costs of it. Companies are starting to hire one or two Engineers and leave the rest of the work to Analysts. Like the System Admin and Operator scenario.

Sorry to spam the hell out of your blog today =)

]]> By: Dave http://danielmiessler.com/blog/the-dilution-of-pentesting/comment-page-1#comment-245666 Dave Tue, 13 Dec 2005 23:09:00 +0000 http://dmiessler.com/archives/594#comment-245666 <p>I think you've just found the line between Analysts and Engineers.</p> <p>A growing trend in security is to lower the costs of it. Companies are starting to hire one or two Engineers and leave the rest of the work to Analysts. Like the System Admin and Operator scenario.</p> <p>Sorry to spam the hell out of your blog today =)</p> I think you’ve just found the line between Analysts and Engineers.

A growing trend in security is to lower the costs of it. Companies are starting to hire one or two Engineers and leave the rest of the work to Analysts. Like the System Admin and Operator scenario.

Sorry to spam the hell out of your blog today =)

]]>