“Once you have broken in and compromised a system, the biggest skill pen testers can have is the ability to effectively communicate their findings to their client for remediation. If you can’t tell people how you did what you did, where you did it, and how you can fix it, it is not really all that valuable.” David Maynor – Principal Threat Researcher at Equinix
Source: Dark Reading
About David Maynor
Today David Maynor is kind of a jack-of-all-trades hacker who digs into Microsoft software bugs as well as wireless driver vulnerabilities, such as the one he and fellow researcher Jon Ellch demonstrated at Black Hat USA last August. “I like focusing on things that can be used to break into your computer or steal information or do bad things to you. If you think about the typical, motivated hacker-for-hire, he’s not going to be [an expert in] wireless-only. The enemy is cross-disciplinary, and so should you be.”
David Maynor says he gets a kick out of how people romanticize security research. It’s really not very sexy. [Ed. note: Now there’s a shocker.] “If someone were to watch me working, they’d see me sitting for hours in front of my computer, dissembling.”
Maynor spent just four months at SecureWorks Inc., the company he was working for during the Apple controversy, before leaving to start up Errata Security with its CEO, Robert Graham, former chief scientist at IBM Internet Security Systems. Errata does research and provides vulnerability analysis services and professional consulting and architecture review services. Prior to joining SecureWorks, Maynor spent three years writing exploit code for ISS. (See Startup to Take Measure of Security and 10 Hot Security Startups.)
The Macbook hack at Black Hat last year made Maynor a household name in the security world — and more like “mud” among Apple enthusiasts who refused to believe their platform had security weaknesses. And although Maynor says he’s so over the Apple thing, he prefers not to talk much about it anymore, having finally gone public at the Black Hat D.C. briefings with some details of the hack and his communiqué with Apple. (See Apple Flap Redux.)