suntzu – Hacking and the Security Professional

I've been hacked a few times (that I know of). As a security professional, it is my belief that being hacked (or hacking… ethically) is the best way to learn about phishing, social engineering, buffer overflows, denial of service attacks, malware, etc.

Unfortunately, a lot of “information security professionals” don't know anything about what hacking is or what hackers are all about. The term “hacker” does not always refer to criminal activity. Information security professionals should have exposure to hacking the way cops have exposure to drugs.

Of course, some information security professionals don't have anything to do with hacking or anything technical (as Martin McKeay has pointed out to me). My point is that all security professionals (including cops, investigators, even infantry) should know their enemies and their enemies' tactics.

Like a detective knowing the criminal mind.

It was Sun Tzu, the ancient Chinese warrior and author of The Art of War, who said that you must “know your enemy” before going into battle. If “you know your enemy and know yourself,” he wrote, “you need not fear the result of a hundred battles.” Sun Tzu went on to say, “If you know yourself but not the enemy, for every victory gained you will also suffer a defeat.”

And that is why I love going to Defcon. The whole spectrum of computer security aficionados is there.

http://elamb.blogharbor.com/hacked/igothacked.htm

1 November 2005 by elamb.security
Categories: Computer Security, hacking, I got hacked, security | 1 comment
