Comments on TaoSecurity Blog: Clueless Consultants
Richard Bejtlich

Anonymous (2009-06-16T07:13:05.087-04:00):

This comment has been removed by a blog administrator.

Anonymous (2007-05-31T09:29:00.000-04:00):

I think you're dead on with your assessment. I place most of the blame on the companies that hire these twits. They apply the infamous "Checkbox" mentality to security, combined with the desire to save a buck. This results in a false sense of security and generally leads to disaster and more consultants. I don't see any way to fix it though, as long as companies continue to be lazy and uneducated about their security and continue to "go cheap", there will be a market for security charlatans.

Chris Buechler (2007-05-31T01:01:00.000-04:00):

I've been thinking for years about how I need to write up a stock reply to people who post to the pen-test mailing list with stupid questions. If they need to ask that question, they need not be doing the work. Period.

At least once or twice a month somebody pops in with almost the exact same pen test question as quoted above, it wrenches my gut every time and still irks me though I've seen it for years...

John Ward (2007-05-30T16:06:00.000-04:00):

Maybe the old saying should be changed to "Those who don't know consult"...

In regards to the above poster's comments, depending on the field, not everything can be memorized in your head. Would your client have preferred if the consultant referenced a book instead of Google? If you have a body of knowledge at your disposal, shouldn't you use it? That's a bit elitist. If he was tired of hot shot consultants, maybe he should stop hiring them.

Anonymous (2007-05-30T05:47:00.000-04:00):

Hi Richard,
I could not agree more!
It is very important to know your areas of expertise and build a network of resources to shift the projects you are not able to deliver yourself.
A client of mine once said that he was so darn tired of hot shot consultants that had to Google for the answers. He could do that himself! And of course he could! He needed experts to take care of problems quickly and with high quality, not to do the job he knew perfectly well himself.
I think there are two sides of the problem - one is the billing-side - 100% billing rate, the other is consultants not realizing they are making a fool of themselves (and of course the company not realizing the same).
But - I must say that when people ask you for help, they may not always expect you to do the job yourself, they may be more than happy if you can point them to someone who can.
I wish you all a perfect day!

Kai

Anonymous (2007-05-30T03:22:00.000-04:00):

This post reminds me of a quote from my favorite college professor. He said there are three types of people in this world:

Those who know they know and they are OK.

Those who know they don't know and they are OK as well.

Those who don't know they don't know and these are the ones to watch out for.