I grew up around guns and learned to respect their power, how to handle them, and how to use them safely around other people.
The current term "Cyber Weapons" gives me a better understanding of a statement from a former boss who called my VM tools “A cocked and loaded weapon” and how that was dangerous.
This evidently filled him more with fear than armed CLET guards who had genuine weapons at the facilities. I take pride in my approach and ethics. I didn’t like to be perceived as a criminal, an enemy, or even a threat to the organization.
In my last breath to him, with another round of unfounded accusations, I said that whatever he believed was not my actual “intent”. I believe intent is a good determiner of the actual threat of an individual.
I have always preferred the term "Security Researcher", but I am still plagued by the activities of others that define the small function of a security role as a potential threat inside business networks.
If I said "hacker", everyone would know what goes along with that, and the audience may be impressed or annoyed depending on their fanfare or if they have been victimized.
People still think hacker when they hear the term "pentester". I have been advised by senior managers to never use the term myself - or any of these - nor should I present examples of any types of those abilities.
So, if I was ever asked the color of my intent… the answer would surely be "white".
People don’t seem to believe the rumors of the existence of pure "white hats". It may be believed that they are "black hats" that haven’t been caught.
Ethical testers are not as anxious to do testing as maybe someone who needs something to practice on. There have to be purposeful approaches and reasons to conduct a test. Production is not viewed as a sandbox to play in.
My recommendation for self-promoting testing skills during interviews is to underplay certain abilities until corporate America understands the value of good intentions over the fear of hacks from talented security staff.