Dear Intel,
The things you state motivated me to move into organizational and process
consulting. Basically, "every morning, another fool rises" (German proverb).
Human failure is a part of every organization, and hardly anybody can claim
to be perfect.
If you discover organizational and procedural flaws in your customer's
organization, you should be able to describe them matter-of-factly in your
report and make suggestions on how to get rid of them and improve the
effectiveness of the organization. Don't evangelize. Give them the facts,
give them your recommendations and let them decide.
If they refuse to follow your recommendation or discard it, so be it. You
can't save the world. Chances are, you'll be back sometime soon and maybe
then they will be ready to listen.
And if they need more budget, super! Tell them that they'll need budget to
improve their processes, and you're the one to show them how!
Just my 2 cents.
Kind regards
Jörg Maaß
-----Ursprüngliche Nachricht-----
Von: intel96 [mailto:intel96@bellsouth.net]
Gesendet: Mittwoch, 15. Juni 2005 03:12
An: pen-test@securityfocus.com
Cc: lists@isecom.org
Betreff: Re: Why Penetration Test?
<snip> These things require leadership to fix not more
funding!!!!!!!!! How do you state that in a report?
So IMHO every project is different based on the customer's needs (more
funding and more head count). The other issue is how to set the clowns
apart from the professionals, which is becoming harder to do because
there are more clowns and not enough professional and the clowns are
hurting the rest of us....
<snip>
