These are just random thoughts, I'm just making a discussion from what I've watched and seen. I know this is in all walks of life and not everyone is like this. But I've watched a few "cons" and am beginning to feel more and more that there either appears to be, or I'm just not understanding their personality, a lot of arrogance in the pen testing community. I admire their work, the holes they find I find interesting, the way they get around security, but some just seem to come across as arrogant. As an IT Engineer and not in the same league, maybe I feel inferior, so maybe, wrongly, see it as arrogance, that they are looking down on me. I've always been interested in security, but this is what puts me off attempting to get into the field.
Where did this come from? The recent pen test done on our company. I'm not involved, but some of the finds in the reports just seem a little off to me. But that's another story. I was watching one of the old "cons" recently, Defcon 19, with the panel, and Jericho was on it. He seemed to come across really hostile and arrogant. I could be totally wrong, he's probably a decent guy, but I totally don't agree with his comment 14 mins into the talk. That when you work 40-80 hours a week banging your head against a wall but being paid for it, pen testing for 15 years, going back every 6 months to re-test and nothing's changed, companies still not patching holes they've been warned about, maybe it's time they were bent over and fisted. You'll need to watch the video for the full quote. But I just feel: you're a pen tester, you're hired to come into a company like ours and test and give us a report. Nothing more. Pen testers aren't the law or police. It's then up to that company to decide if it wants to act on those holes. Yes, they'd be stupid not to, but it's the company's decision at the end of the day. It's not the right of the pen tester to feel he/she then has the right to "fist" the company after, because they gave them plenty of warning.
The whole talk just felt uncomfortable to me.
The other speakers I've enjoyed, though, are Dan Kaminsky, and Zoz's talk at DefCon 18 when he had his Apple stolen :) (the Apple being stolen wasn't funny, how he got it back was), and also Jason Scott's talk "You're Stealing It Wrong".
This is why I'm crap at explaining what I'm thinking, because these talks show the industry isn't full of arrogance, and so does Hak5; hence, all those years ago when I found Hak5, I've ended up still here.
I'll get my coat.