tag:blogger.com,1999:blog-8539880144347728238.post3487908245592721019..comments2009-03-24T05:58:45.837-04:00CGhttp://www.blogger.com/profile/11061967917509053185noreply@blogger.comBlogger3125tag:blogger.com,1999:blog-8539880144347728238.post-35662868397891657422008-03-12T23:19:00.000-04:002008-03-12T23:19:00.000-04:00Great post. I can relate to this in many ways as I have taken "heat" for outages during a pentest...not that I haven't taken anything down but I have been blamed for more that I didn't do.<BR/><BR/>When I worked for a company that never had a network pentest before I contracted a third-party to do the work, the very management that hired these guys got crazy pissed when the third-party pwnd the entire Windows domain...then yelled at me for hiring them. I left the company shortly after. :)Tomhttp://spylogic.netnoreply@blogger.comtag:blogger.com,1999:blog-8539880144347728238.post-3763376904651353072008-03-11T14:36:00.000-04:002008-03-11T14:36:00.000-04:00Vince, you make a good point -- it can be fun to make people look bad but it's not what we do. Most people in organizations don't get that. Most of our work is done to ensure that those people actually look better when they come to find that another company with a similar setup got hacked and they were already protected from it.<BR/><BR/>People should always try to fight the battle upfront instead of trying to put out the fire after the fact.srcashttp://srcasm.comnoreply@blogger.comtag:blogger.com,1999:blog-8539880144347728238.post-17067529526555755882008-03-09T07:27:00.000-04:002008-03-09T07:27:00.000-04:00Good post. I would say that 100% of the time there are "those" people in the organization that do not want you there and don't understand the reason you are actually there. We are not here to make people look bad, although it is fun to do, we are here to help people make their shit better. When we encounter people that act like jack asses we want to do the former.Vincehttp://www.blogger.com/profile/09556419908287937141noreply@blogger.com