Haydn Rees

Eindhoven, the Netherlands

Technical Analyst

The problem is defensive security. How do you sharpen it up to the necessary level? To borrow from biology, evolution occurs fastest when the environment is hostile.

You can't afford to have the only game in town as Defensive Security vs. Blackhat penetration. Now if only there was a way of setting them against non-malevolent opposition; tame but aggressive predators - ideally more aggressive than the wild ones.

This is a workmanlike set of axioms, that need hard money invested in them to identify and quantify risk, and align resources accordingly. I think the only people competent to identify such priorities are the pen-testers, but that's a hard sell.

Forget Polo; White-hat security penetration testing sounds like the sport of Kings - it must become one of the most interesting career paths available to attract talent.

The amount of infrastructure now controlled over the web expands the definition of critical infrastructure, because it explodes the number of points of vulnerability.

The only way to get the resources would be a regulatory environment which sees prisons littered with company directors whose physical and technical systems weren't pen-tested regularly enough.

We will need an industry almost exactly like this during the Olympics, which means we will need a run up.

Professionalised whitehat penetration testing? Where do I sign up?