The Color of Intent

Thursday, May 17, 2012

Jayson Wylie


I grew up around guns and learned to respect their power, how to handle them, and how to use them safely around other people.

The current term "Cyber Weapons" gives me a better understanding of a statement from a former boss who called my VM tools “A cocked and loaded weapon” and how that was dangerous.

This evidently filled him more with fear than armed CLET guards who had genuine weapons at the facilities. I take pride in my approach and ethics. I didn’t like to be perceived as a criminal, an enemy, or even a threat to the organization.

In my last breath to him, with another round of unfounded accusations, I said that whatever he believed was not my actual “intent”. I believe intent is a good determiner of the actual threat of an individual.

I have always preferred the term "Security Researcher", but I am still plagued by the activities of others that define the small function of a security role as a potential threat inside business networks.

If I said "hacker", everyone would know what goes along with that, and the audience may be impressed or annoyed depending on their fanfare or if they have been victimized.

People still think hacker when they hear the term "pentester". I have been advised by senior managers to never use the term myself - or any of these - nor should I present examples of any types of those abilities.

So, if I was ever asked the color of my intent… the answer would surely be "white".

People don’t seem to believe the rumors of the existence of pure "white hats". It may be believed that they are "black hats" that haven’t been caught.

Ethical testers are not as anxious to do testing as maybe someone who needs something to practice on. There have to be purposeful approaches and reasons to conduct a test. Production is not viewed as a sandbox to play in.

My recommendation for self-promoting testing skills during interviews is to underplay certain abilities until corporate America understands the value of good intentions over the fear of hacks from talented security staff.

CP Constantine: Ahh, the power of perception. We want capable employees, but not *too* capable. My favorite line about this is still about how many of us are considered "Exotic Liabilities" to our employers, no matter how much we perceive our ethical convictions to be of a purer notion than theirs: fear trumps rationality in perpetuity, it seems.