HOME - NEWS EVENTS - MAILING LISTS - OPST/OPSA TRAINING & EXAMS - ABOUT US - CORE TEAM - MEDIA KIT - CONTACT - OPEN LICENSES 




 


 
  TEAM ACCESS
     Beta Releases
     Gold Team Updates

  PROJECTS & RESEARCH
     Business Integrity Testing
     Compromise Detection
     Jack of All Trades
     Hacker Highschool
     Hacker's Profiling Project
     Protocol Database
     Security Incident Policy Enforcement
     Security Metrics
     Security Maturity Model
     Secure Programming
     Security Testing Methodology
     Software Quality Testing
     Security Tools
     Trusted Computing
     XML
     Graduate Projects

  ACCREDITED TRAINING
     ISESTORM Event 
     OPSA - Security Analyst 
     OPST - Security Tester 
     OPSE - OSSTMM Expert 
     OWSE - OSSTMM Wireless Expert 
     Hacker Highschool Teacher
     Training Material Accreditation 
     Trainer & Training Certification
     Training & Exam Schedule

  ASSOCIATIONS 

     ISECOM Associates
     ISECOM Affiliates
     ISECOM Partners
     ISECOM Auditors
     Sponsors

  SERVICES 

     Security Test Review
     Gold/Silver Subscriptions 
ISECOM - Institute for Security and Open Methodologies

www.isecom.org - CRITICAL THINKING - JACK

THE JACK OF ALL TRADES SECURITY AWARENESS by Pete Herzog

Jack began as a mentality-determining method for hiring penetration testers. It's reach became central to teach people security by applying what they already know to security. As applied security knowledge is essentially based on critical thinking, observation, and analysis, the Jack exercises exist to exploit the mentor-method of teaching these skills.

The history of Jack is best told by the developer:

"It has become more and more apparent to me that finding good security testers is difficult since many with the right mentality do not have the right professional skills and many with great networking or administration skills don't know where to get the hacking mentality," said Pete Herzog, cretor of the OSSTMM. "In a desire to hire good people and train them quickly and efficiently, I found myself hiring network engineers and systems administrators and giving them the OSSTMM to read. What this achieved is to take someone with specific skill sets that could be valuable in security testing and trying to make them understand the bigger picture of security. This did not make them good hackers though."

"I proposed a training program a while back that could take good network people and make them understand the hacker side of networks (without having them spend weeks trolling through #hack and 3133T HACK3RZ web sites). The training program forced the participant to think "outside
the box" which of course is the goal of any creativity workshop. But I still needed to apply it to real situations, real networks, and real concepts."

"As I developed more and more of the manual, Jack started to evolve in my head. I found myself using metaphors to explain parts of the manual to co-workers and prospective employees, which is a very common thing to do in this field. Eventually, I stumbled across a word problem about four men crossing a bridge and each had to go in pairs and all four had to cross in 17 minutes. Maybe you know it. This brought about another word game with a light switch and whether it was in the on or off position if you could not see the light. From there, the question became more obvious to me-- list 10 ways to shut off a light. That was the first and most basic question. I sat down and mapped out more questions about the light and then about other things-- bridges, viruses, and mail delivery. After a day, Jack was conceived."

"Jack grew from the basic questions for creative thinking to the security information that it relates to in the manual. With the methodology in place, I was able to keep security concepts as a tight parallel to the Jack questions."

"Jack of All Trades is not meant to be a test. It is meant to be a discussion and a training workshop. Please keep that in mind."

Download:

 Size     Date   Time   Name                     Canada Spain USA
 52649    Dec 1  2002   jack.1.0.en.pdf......................
 204785   Dec 1  2002   jack.1.0.chn.pdf.....................

 

 

 

 

 

 
 

 

Formerly the Ideahamster Organization - www.isecom.org - www.osstmm.orgwww.hackerhighschool.org - www.isestorm.org
 If you have any comments, questions, or to note broken links on this website send e-mail to the Webmaster. 
 All contents copyright © 2000 - 2006 - ISECOM - Institute for Security and Open Methodologies. All rights reserved.