I asked her how many specific technical vulnerabilities this hacker would need to exploit to be considered qualified for the job. I mentioned that my present employer had documented 1,549 unique technical vulnerabilities last year alone. The entire catalog ranges north of 40,000.
I explained that playing attack and defend are two completely different jobs. A successful attacker may need expertise with only one vulnerability. The defender needs to understand them all. But by this time, I figured she had hung up, as I was listening to a dial tone. So much for that VP title this year.
John McCumber is a security and risk professional, and author of “Assessing and Managing Security Risk in IT Systems: A Structured Methodology,” from Auerbach Publications. If you have a comment or question for him, e-mail Cool_as_McCumber@cygnusb2b.com.