On 30-Sep-09, at 6:47 PM, Rich Kulawiec wrote:
> Now as to the first paragraph, I disagree there as well. One of
> the reasons why the security "industry" is a miserable failure (nod
> to Marcus Ranum) is our collective failure of imagination. We don't
^
^
> train people to think like attackers, and we do train them to deal
> with
> the attacks that we already know about. This Is Not Working. We need
> to train people to be ingenious, devious bastards (and bastardettes)
> because only then will they have the kind of mindset that's necessary
> to defend against the attacks we *don't* already know about.
Who's "we" white man?
I, and many of our Dojo instructors train people to think like
attackers.
A number of fine other places, also offer offensively minded training.
You can fault the IT industry for not allocating enough training budget
for these kinds of security courses, but you can't fault the security
industry
for not offering training in this area.
Speaking of which, I will take this opportunity to plug two of our
instructors
courses which have been now announced, Reverse Engineering Malware,
taught in Japanese by Yuji Ukai, and Java Source Code Auditing by Marc
Schoenefeld at Pacsec.
cheers,
--dr
--
World Security Pros. Cutting Edge Training, Tools, and Techniques
Tokyo, Japan November 4/5 2009 http://pacsec.jp
Vancouver, Canada March 22-26 http://cansecwest.com
Amsterdam, Netherlands June 16/17 http://eusecwest.com
pgpkey http://dragos.com/ kyxpgp
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
