> I work for an AV company and I am in this field for quite a long time now
> (more than 10 years). The very first rule here is that we just do not hire
> guys who had ever written a viral or malicious code. There is no ethical
> hacking either. There is a security checking for systems like yours, but as
> soon as you use word hacking, you are hacking.
>
> Same as in the real world: Police would never hire robbers, and bank will
> never ask people to rob their money. There are security experts for
> securing
> their system and there is a police academy for teaching officers...
>


I wanted inform you regarding to our research in this subject.

It turned out  that hiring a blackhat is most of the companies choice.We
compared proof of concept presentations made by both blackhats and security
experts.Results showed that security experts are people who have just enough
knowledge to protect systems against intrusions which are already publicly
known.Blackhats prooved to have far more enhanced imagination and techniques
than security experts.Also blackhats showed us that they already know more
than everything than securit experts with lots of certifications.It's safe
to say that those certifications didn't mean as much as we would have
expected when it comes to a final decision.

I do not know which AV Vendor you are working for but I can say that
equivalent of 10 years of work should include more than you seem to
know.Sorry to say that it's just an observation.

Cheers
-- 
http://www.piclist.com PIC/SX FAQ & list archive
View/change your membership options at
http://mailman.mit.edu/mailman/listinfo/piclist