[Chugalug] penetrate me!

AverageSecurityGuy stephen at averagesecurityguy.info
Thu Mar 27 14:22:50 UTC 2014


  I do pen testing professionally and have my own company so there is low overhead. If you want to talk more about what you need and pricing, please email me off list.


Stephen Haywood
Owner, ASG Consulting

On Mar 27, 2014, at 12:58 AM, Ed King <chevyiinova at bellsouth.net> wrote:

> Our "network administrator" at the main office quit over a year ago and a replacement was never hired.
> http://www.linkedin.com/pub/christopher-silver/7/6a8/341
> Our "network administrator" at our "NOC" quit over a year ago and never got replaced.
> www.linkedin.com/in/mlaman
> Our "phone system guy" quit a year ago, a replacement was hired, but I've seen him, like, once.  When the phone/fax systems goes down, they call ME.
> http://www.linkedin.com/profile/view?id=49461976
> So guess what?  I and one of the other programmers on my team inherited all these extra support duties (without a single f'ing penny of a pay raise, mind you).
> We inherited hardware and software that hasn't been updated in years (insert career-damaging-but-painfully-true my-boss-is-a-cheap-bastard-and-doesn't-spend-money-on-upgrades comment here)
> We know basic firewall, iptables, am mindful of sql injection, can install/run/monitor virus scanners etc, but we are not security experts nor do we play one on t.v.    
> If this situation wasn't stressful enough, it has now come to a boil as a potential (big!) client "demands" proof of pen testing before they will let us host their data.    At this point I'm spread way to thin and told my boss today that he needs to crack open that wallet and hire an outside pen tester.    Anyone on the list "qualified" to do it?    Willing to work for peanuts?
> What defines a qualified pen tester?  I see what appears to be "free" software I could download and run myself, if I was inclined to take on more responsibility w/o pay.    I suppose this free software would be a "good start" but is a pen test done by an "internal" employee good enough for the client, I doubt it.
> _______________________________________________
> Chugalug mailing list
> Chugalug at chugalug.org
> http://chugalug.org/cgi-bin/mailman/listinfo/chugalug

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 842 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://chugalug.org/pipermail/chugalug/attachments/20140327/5c651d5b/attachment.pgp>

More information about the Chugalug mailing list