A course will be offered this year at Black Hat entitled, "Hacking by Numbers: PCI Edition." A quote from the appropriate literature:
The PCI Data Security Standard (DSS) has had a huge impact on the information security industry. One effect that it has had is to make annual penetration testing mandatory in some segments, and thereby spawn a whole new class of off-the-shelf penetration testers.
The term "off-the-shelf penetration testers" makes my stomach churn. It is my belief that hacking is more of an art than a science. Hacking is methodical, but takes a specific type of person to do it. Typical hackers are very methodical and analytic. In addition, every hacker that I have ever met has a never-give-up mentality about them. This attribute is used as a feedback loop into the problem they are working on.
Sure, some security work and/or security methodologies can be taught, but to be a "breaker" you have to have a certain personality type.
What are your thoughts on this? Feel free to tweet me about the topic. @miscsecurity