CHAPTER 15: The Security Value of Expertise

Over the years that I managed penetration testing engagements, I ran into a curious phenomenon regarding expertise. Expertise should be something respected for its own sake. If you know your stuff, that knowledge should invite respect from others. At least that’s how it’s supposed to work. One of the reasons consultants and specialists (such as penetration testers) are hired and paid premium rates is the assumption that they know more than the organizations that hire them about their particular areas of expertise. That’s why my team of security engineers was routinely hired to test customers’ information security infrastructure for vulnerabilities. Our team would engage a customer, the engineers would ...

Get People-Centric Security: Transforming Your Enterprise Security Culture now with O’Reilly online learning.