On 10/22/09, Walubengo J <
jwalu@yahoo.com> wrote:
> @./Chuks
>
> I hear you...however I must still repeat that CISAs are by design NOT
> Penetration Testers. So it is harsh to judge their relevance based on their
> failure to execute a PenTest.
>
> Just to repeat, CISAs evaluate and focus on the big picture of the Security
> ecosystem - i.e the relationship between People, Processes and Systems that
> is necessary to provide assurance that risk is mitigated. And taking your
> Penetration test example further, indeed you may have exposed and sealed the
> loophole in the Webserver (if your focus being ONLY on "Systems") but if the
> "People" and the "Process" aspects are weak, your superior technical
> solutions may still fail to address the overall Security objectives.
>
> That said, if I was a CISA and had that Audit job that required Penetration
> testing, I would have definitely hired you ;-)
>
> walu.
> --- On Thu, 10/22/09, Preston <
podera@k90ea.com> wrote:
>
> From: Preston <
podera@k90ea.com>
> Subject: Re: [Skunkworks] AUDIT OF IT
> To: "Skunkworks Forum" <
skunkworks@lists.my.co.ke>
> Date: Thursday, October 22, 2009, 12:32 AM
>
>
> Hi All
>
> CISSP is for Security Professional just like CISM is for Security Manager.
> Let us think of MBA or Bsc and then we will know how deep we can go with the
> discussion.
>
> Preston
>
>
> --- On Wed, 10/21/09, Gichuki John Chuksjonia <
chuksjonia@gmail.com> wrote:
>
>> From: Gichuki John Chuksjonia <
chuksjonia@gmail.com>
>> Subject: Re: [Skunkworks] AUDIT OF IT
>> To: "Skunkworks Forum" <
skunkworks@lists.my.co.ke>
>> Date: Wednesday, October 21, 2009, 12:01 PM
>> Personally i think a CISSP is much
>> more better than a CISA, since he
>> see things the technical way and also Managerial way. The
>> other day in
>> Ghana some CISA guys were doing security audit and they
>> were asking
>> for files in a SUSE server that never exist. I don't know
>> where they
>> heard that from, and as far as as am concerned, such info
>> can be
>> Googled.
>>
>> So such audits depends on what the customer wants and how
>> knowing he
>> is, coz if you are concerned about something you will need
>> it done. So
>> Audit Policies should always have a questionnaires when
>> picking up
>> Security Vendors which helps to narrow down to the right
>> auditing
>> firm.
>>
>> The other day i was doing a penetration testing for a
>> client who have
>> a set of servers with one Portal on the bonder. A big
>> company had done
>> a pentest a month before but they client wasn't satisfied,
>> so he
>> needed a real penetration test. So amazingly there was a
>> plugin in the
>> webserver that gave me way to root since it had a sql
>> injection on it
>> though blind. so i blindly uploaded code that would run
>> arbitrary
>> commands and soon i had a bindshell. One thing a pentester
>> would do is
>> try all means to get root, and see if he can read history
>> of all the
>> users. So one thing i noticed is that if these guys had a
>> good
>> security admin like they had specified, they should have
>> seen that
>> Apache tried to bind and was already a privileged user.
>> Secondly the
>> security administrator should have seen that guys miss to
>> write their
>> passwords when sshing and leaving them in their history.
>>
>> What amazed me was that this Company that had done the
>> audit before
>> was a well proclaimed companies that was assigned with this
>> same task
>> and failed to deliver. They have CISAs, CISSPs, CEHs,
>> proffessionals
>> but Risk Part of the Assessment wasn't done.
>>
>> So the question is, are the these Auditors just doing it
>> for the
>> money, or just having so much fun leaving Gaping holes for
>> the
>> clients, or is it that they just don't know what they are
>> supposed to
>> look for?
>>
>> Secondly do these papers(Certs) matter these days in the
>> world of IT,
>> coz i have seen Bedroom coders who end being better than
>> even guys who
>> went to school. Look-up at the Kenyan BDS developer,
>> @kasina in
>> tweeter, that guy didn't learn C in school.
>>
>> So what i think is real change as far such issues are
>> concerned
>> otherwise, all organizations in Africa/Kenya are open to
>> serious
>> compromise especially Govt Infrastructure.
>>
>> Two Cents!
>>
>>
>>
>> ./Chuks
>>
>> On 10/21/09, Walubengo J <
jwalu@yahoo.com>
>> wrote:
>> > I agree with Ikua/Preston. CISA (Certified
>> Information Systems Auditors)
>> > tend to have the big picture - and that's by design.
>> They dont drill down
>> > to specific vendor technologies - even though they
>> know what to expect from
>> > such technologies. Maybe a snapshot of the course
>> content would help as
>> > given below :(ref:
www.isaca.org)
>> >
>> >
1.IS Audit Process
>> >
2.IT Governance
>> > 3.Infrastructure Lifecycle Development
>> > 4.Protection of Information Assets.
>> > 5.Business Continuity and Disaster Mngt
>> >
>> > And so If am a CISA with a financial/accounting
>> background but need to
>> > inspect a Cisco PIX firewall I would be obliged to
>> hire the expertise
>> > rather pretend to do it. Ofcourse, If am a CISA and a
>> techie in that area
>> > (and there are many like that) I would just proceed
>> and perform the
>> > inspection accordingly.
>> >
>> > The point is, the Security Ecosystem is so large and
>> each professional in
>> > the Security field has an important role to play.
>> Trying to establish who is
>> > better than the other would be like trying to see who
>> btwn the following is
>> > better than the other: The Architect who designs the
>> building or the
>> > Electrical/Civil/Structural Engineers who provide
>> specialized services
>> > within the buildings...rather than begin to research
>> for an answer, I would
>> > say it's really a misplaced question to ask.
>> >
>> > walu.
>> > nb: am a CISA but not an Accountant (so feel free to
>> consider my views
>> > biased ;-)
>> >
>> > --- On Tue, 10/20/09, Preston <
podera@k90ea.com>
>> wrote:
>> >
>> > From: Preston <
podera@k90ea.com>
>> > Subject: Re: [Skunkworks] AUDIT OF IT
>> > To: "Skunkworks Forum" <
skunkworks@lists.my.co.ke>
>> > Date: Tuesday, October 20, 2009, 2:09 PM
>> >
>> > If we start from the premise that you cannot be a
>> master of all then
>> > Certified Penetration Testers, Systems Engineers,
>> Network Vulnerabilty
>> > Experts can only handle their areas but only to the
>> level their knowledge
>> > can allow with a scale (1 to 10) depending on whether
>> you gained it from
>> > Karamaindo as a college or company. Also hands-on
>> experience plays a greater
>> > part including organization culture.
>> >
>> > Depending on what has to be audited you need a team of
>> experts!! in the
>> > areas being audited. The experts might not be the
>> better than those being
>> > audited (Even on Financial Audits this is sometimes
>> the case where junior
>> > auditors are sent to companies with least audit
>> experience)but has to make
>> > an assurance that the areas being audited are meeting
>> some standards both as
>> > defined by the company being audited or guided by
>> international standards.
>> >
>> > What is also required is a team leader and that is
>> where Certified
>> > Information Systems Auditors come in. These are from
>> various backgrounds
>> > including teckies, financials etc..
>> >
>> > As Evans indicates One of the ISACA audit standards
>> states that an auditor
>> > should use the right expert for the right audit
>> process. This is quite true
>> > for all professions. I realized this when putting up a
>> modest palace (needed
>> > Architect, Quantity Engineer, Structural Engineer,
>> Foreman Man, Plumber,
>> > Electrical Engieer, Loader and a host of other
>> professions while the single
>> > process was Putting Up the Palace=IT Audit). In all of
>> these a team work of
>> > different professions are required guided by a leader
>> who has received
>> > certain qualification where CISA is one of them
>> >
>> >
>> > Preston
>> >
>> >
>> >
>> > --- On Tue, 10/20/09, Evans Ikua <
ikua.evans@gmail.com>
>> wrote:
>> >
>> >> From: Evans Ikua <
ikua.evans@gmail.com>
>> >> Subject: Re: [Skunkworks] AUDIT OF IT
>> >> To: "Skunkworks Forum" <
skunkworks@lists.my.co.ke>
>> >> Date: Tuesday, October 20, 2009, 10:58 AM
>> >> I am a member of the local ISACA
>> >> chapter, but I will speak for myself.
>> >> Amolo, I dont agree with you. I recently spoke to
>> a guy
>> >> from a local
>> >> shop of the big 5 audit (Finance) firms. He said
>> they do IT
>> >> audits
>> >> alright. But they are more interested in seeing
>> how far the
>> >> IT
>> >> infrastructure supports the financial figures that
>> they are
>> >> reporting
>> >> on. You realize most of accounting nowadays is
>> dependent on
>> >> IT, as is
>> >> most of business processes.
>> >>
>> >> But how does an accountant (majority of CISAs are)
>> tell if
>> >> a DB has
>> >> been compromised if he does not understand the
>> deep
>> >> workings of a DB?
>> >>
>> >> As I have said before, the best a CISA can do is
>> to manage
>> >> the whole
>> >> process of the IT audit, but not to pretend to be
>> what they
>> >> are not.
>> >> One of the ISACA audit standards states that an
>> auditor
>> >> should use the
>> >> right expert for the right audit process. If you
>> want to
>> >> audit a data
>> >> base, hire a data base expert. If you want to
>> gauge
>> >> network
>> >> vulnerability, hire a vulnerability expert, and so
>> on.
>> >> It's
>> >> professional negligence, which should attract
>> hefty legal
>> >> penalties,
>> >> for a firm to conduct an IT audit, give a clean
>> bill of
>> >> health, and
>> >> leave an organization at risk.
>> >>
>> >> Just wait till you hear someone taken to court
>> for
>> >> professional negligence.
>> >>
>> >> Ikua
>> >>
>> >> On Mon, Oct 19, 2009 at 10:51 PM, Areba Collins
>> <
arebacollins@gmail.com>
>> >> wrote:
>> >> > Slunks! Whats so hard? IT audit, IT. Finance
>> audit,
>> >> FINANCE.
>> >> >
>> >> > On 10/19/09, Paul Roy <
roykoikai@gmail.com>
>> >> wrote:
>> >> >> am liking this... so far Chucks is
>> leading :)
>> >> >>
>> >> >> On Mon, Oct 19, 2009 at 5:36 PM, Gichuki
>> John
>> >> Chuksjonia <
>> >> >>
chuksjonia@gmail.com>
>> >> wrote:
>> >> >>
>> >> >>> So their scope would be Financial
>> Audit?
>> >> >>>
>> >> >>>
>> >> >>>
>> >> >>> On 10/19/09, Joshua Amolo <
joshua.amolo@gmail.com>
>> >> wrote:
>> >> >>> > If you check my mail again
>> Chuks, i
>> >> talked about SCOPE
>> >> >>> >
>> >> >>> > On Mon, Oct 19, 2009 at 4:00 PM,
>> Gichuki
>> >> John Chuksjonia <
>> >> >>> >
chuksjonia@gmail.com>
>> >> wrote:
>> >> >>> >
>> >> >>> >> @Joshua, yah mistaken. What
>> does an
>> >> IT Audit compose of. Because a
>> >> >>> >> Code Audit is part of IT
>> Audit, tell
>> >> us, how can an Finance guy look
>> >> >>> >> for loop holes and bugs in a
>> php code
>> >> if he doesn't even know how to
>> >> >>> >> write one?
>> >> >>> >>
>> >> >>> >>
>> >> >>> >>
>> >> >>> >>
>> >> >>> >> On 10/19/09, Joshua Amolo
>> <
joshua.amolo@gmail.com>
>> >> wrote:
>> >> >>> >> > I dont think there is
>> naything
>> >> wrong with a Finance guy auditing IT.
>> >> >>> >> >
>> >> >>> >> > The issue should be
>> what's the
>> >> purpose of the audit. The purpose will
>> >> >>> >> give a
>> >> >>> >> > clear scope and the
>> necessary
>> >> competence to undertake the the audit.
>> >> >>> >> >
>> >> >>> >> > For example if you were
>> to audit
>> >> the financial sense of having a unit
>> >> >>> >> within
>> >> >>> >> > IT, you dont need
>> another IT guy
>> >> to do this audit. If an auditor
>> >> >>> >> > wants
>> >> >>> >> > to
>> >> >>> >> > check conformity to
>> certain
>> >> standards of your network for example,
>> >> >>> there
>> >> >>> >> are
>> >> >>> >> > very powerful tools a
>> Finance
>> >> guy can use.
>> >> >>> >> >
>> >> >>> >> > Cynthia I agree with
>> you
>> >> sometimes you can endure very unnecessary
>> >> >>> >> questions
>> >> >>> >> > from an incompetent
>> auditor I
>> >> remember a case where an auditor was
>> >> >>> >> checking
>> >> >>> >> > the competence of a
>> hardware
>> >> technician and he asked him 'Does the
>> >> >>> >> computer
>> >> >>> >> > has a motherboard?',
>> the
>> >> technician was so pissed he plainly just
>> >> >>> >> > said
>> >> >>> >> 'no
>> >> >>> >> > this one uses a
>> fatherboard'
>> >> >>> >> >
>> >> >>> >> >
>> >> >>> >> > On Mon, Oct 19, 2009 at
>> 3:04 PM,
>> >> Joseph McDonald
>> >> >>> >> > <
mcdonaldoj@gmail.com>wrote:
>> >> >>> >> >
>> >> >>> >> >> The confusion
>> >> started,because there are few companies that
>> normally
>> >> >>> do
>> >> >>> >> >> independent IT
>> audits.In
>> >> most cases the IT audit is done as an
>> >> >>> >> >> extension
>> >> >>> >> >> of
>> >> >>> >> >> the Financial
>> audits hence
>> >> you will find many accountants rushed to
>> >> >>> do
>> >> >>> >> >> CISA.
>> >> >>> >> >>
>> >> >>> >> >> Secondly in any
>> organisation
>> >> the three P's are important
>> >> >>> >> (People,Products
>> >> >>> >> >> and Profits)
>> systems and IT
>> >> for that matter,in most cases are
>> >> >>> enablers
>> >> >>> >> to
>> >> >>> >> >> help the people,to
>> move the
>> >> products faster to the market and to
>> >> >>> >> increase
>> >> >>> >> >> efficiency hence
>> profits.
>> >> >>> >> >>
>> >> >>> >> >> There are some IT
>> audits
>> >> which finance people with can perform
>> >> >>> >> well.While
>> >> >>> >> >> there are some
>> areas which
>> >> definately require some IT expertise for
>> >> >>> you
>> >> >>> >> do
>> >> >>> >> >> benefit fully from
>> the said
>> >> audit.
>> >> >>> >> >>
>> >> >>> >> >> Because a good
>> audit should
>> >> give the auditee and the organisation
>> >> >>> ways
>> >> >>> >> for
>> >> >>> >> >> corrective and
>> preventive
>> >> actions, and continual improvement.
>> >> >>> >> >>
>> >> >>> >> >>
>> >> >>> >> >> On Mon, Oct 19,
>> 2009 at 9:25
>> >> AM, Eric Mugo <
kabugum@gmail.com>
>> >> >>> wrote:
>> >> >>> >> >>
>> >> >>> >> >>> A Finance
>> person
>> >> auditing an IT infrastructure is like a Security
>> >> >>> >> >>> Assessor
>> >> >>> >> >>> auditing the
>> end year
>> >> results of a company. I find it very ironical
>> >> >>> >> >>> and
>> >> >>> >> >>> old
>> >> >>> >> >>> school thinking
>> from
>> >> those days when I.T used to Fall under Finance
>> >> >>> >> >>>
>> department/Division.
>> >> Back then, the systems were simple and geared
>> >> >>> >> >>> towards
>> >> >>> >> >>> very specific
>> tasks.
>> >> That is no longer the case nowadays.
>> >> >>> >> >>>
>> >> >>> >> >>> A company's
>> systems
>> >> infrastructure has become very comples, look at
>> >> >>> a
>> >> >>> >> >>> situation where
>> a
>> >> company has several DMZ,s each hosting different
>> >> >>> >> >>> systems,
>> >> >>> >> >>> several Server
>> Farms,
>> >> Webhosting Facilities, a super big ERP....and
>> >> >>> >> then
>> >> >>> >> >>> you
>> >> >>> >> >>> bring an
>> accountant to
>> >> do a security audit of the systems or rather
>> >> >>> >> >>> perform
>> >> >>> >> >>> an entire audit
>> meaning
>> >> management, financial and security
>> >> >>> >> >>>
>> audit....forgive
>> >> >>> >> >>> me but i find
>> it plain
>> >> stupid!
>> >> >>> >> >>>
>> >> >>> >> >>> The positive
>> thing is
>> >> that most companies are now realising the
>> >> >>> >> >>> importance
>> >> >>> >> >>> of a
>> information
>> >> security role within their ranks. Once someone in
>> >> >>> >> charge
>> >> >>> >> >>> of
>> >> >>> >> >>> security is in
>> place
>> >> then chances of being audited on Security by a
>> >> >>> >> CPA-K
>> >> >>> >> >>> are reduced
>> because the
>> >> I.T guy will spot their incomptencies from
>> >> >>> >> >>> a
>> >> >>> >> mile
>> >> >>> >> >>> away...
>> >> >>> >> >>>
>> >> >>> >> >>>
>> >> >>> >> >>>
>> >> >>> >> >>>
>> >> >>> >> >>>
>> >> >>> >> >>> On Mon, Oct 19,
>> 2009 at
>> >> 8:33 AM, Edmund Okumu
>> >> >>> >> >>> <
edmund.okumu@gmail.com>wrote:
>> >> >>> >> >>>
>> >> >>> >> >>>> Most Audit
>> firms do
>> >> exactly that. It is not right at all to have a
>> >> >>> >> >>>> finance guy
>> audit
>> >> IT. Let me state categorically that even if a
>> >> >>> >> finance
>> >> >>> >> >>>> person has
>> taken the
>> >> CISA exams and passed, they still don't
>> >> >>> qualify
>> >> >>> >> to
>> >> >>> >> >>>> audit IT as
>> IT audit
>> >> requires an IT Audit professional with some
>> >> >>> >> >>>> level
>> >> >>> >> >>>> of
>> >> >>> >> >>>> deep
>> understanding
>> >> in the particular field of audit. Preferably
>> >> >>> >> >>>> the
>> >> >>> >> >>>> IT
>> >> >>> >> >>>> auditor
>> should come
>> >> from a technical background e.g. Systems
>> >> >>> >> >>>>
>> Development,
>> >> >>> >> >>>> Systems and
>> Network
>> >> Administration or Database Administration.
>> >> >>> >> >>>>
>> >> >>> >> >>>> Such people
>> employed
>> >> by audit firms usually right nasty audit
>> >> >>> reports
>> >> >>> >> >>>> based on
>> findings
>> >> that do not satisfy the expectations of the
>> >> >>> >> >>>> forms
>> >> >>> >> >>>> downloaded
>> from the
>> >> Internet. The audit reports therefore do not
>> >> >>> give
>> >> >>> >> a
>> >> >>> >> >>>> true
>> >> >>> >> >>>> reflection
>> of the
>> >> particular IT department of interest.
>> >> >>> >> >>>>
>> >> >>> >> >>>> Can someone
>> from
>> >> ISACA the kenyan chapter respond to this issue
>> >> >>> >> >>>> and
>> >> >>> >> tell
>> >> >>> >> >>>> us the way
>> forward.
>> >> We need some level of regulation on this.
>> >> >>> >> >>>>
>> >> >>> >> >>>>
>> >> >>> >> >>>> On Sun, Oct
>> 18, 2009
>> >> at 6:07 PM, Cynthia Wahome
>> >> >>> >> >>>> <
cwahome@jambo.co.ke>wrote:
>> >> >>> >> >>>>
>> >> >>> >> >>>>> Dear
>> All
>> >> >>> >> >>>>> Let me
>> get your
>> >> thoughts on this.
>> >> >>> >> >>>>>
>> >> >>> >> >>>>> Is it
>> right for
>> >> a Finance guy to come and do an audit to an IT
>> >> >>> >> >>>>>
>> department
>> >> >>> >> >>>>> yet the
>> Finance
>> >> guy has no clue about IT.
>> >> >>> >> >>>>> I wont
>> name the
>> >> audit firm here but i wonder,when they go to the
>> >> >>> net
>> >> >>> >> >>>>> and
>> >> >>> >> >>>>>
>> download a form
>> >> then they come and ask you silly questions makes
>> >> >>> me
>> >> >>> >> >>>>>
>> question them
>> >> >>> >> >>>>>
>> >> >>> >> >>>>> People
>> my
>> >> question is this
>> >> >>> >> >>>>> Who
>> should do an
>> >> IT audit? Finance People? or IT People
>> >> >>> >> >>>>> I stand
>> to be
>> >> corrected
>> >> >>> >> >>>>>
>> >> >>> >> >>>>>
>> >> >>> >> >>>>>
>> >> ----------------------------------------------
>> >> >>> >> >>>>> This
>> message has
>> >> been scanned for viruses and
>> >> >>> >> >>>>>
>> dangerous
>> >> content by Jambo MailScanner, and is
>> >> >>> >> >>>>>
>> believed to be
>> >> clean.
>> >> >>> >> >>>>>
>> >> ---------------------------------------------
>> >> >>> >> >>>>> "easy
>> access to
>> >> the world"
>> >> >>> >> >>>>>
>> >> >>> >> >>>>>
>> >> _______________________________________________
>> >> >>> >> >>>>>
>> Skunkworks
>> >> mailing list
>> >> >>> >> >>>>>
Skunkworks@lists.my.co.ke
>> >> >>> >> >>>>>
http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks
>> >> >>> >> >>>>>
>> ------------
>> >> >>> >> >>>>>
>> Skunkworks
>> >> Rules
>> >> >>> >> >>>>>
http://my.co.ke/phpbb/viewtopic.php?f=24&t=94
>> >> >>> >> >>>>>
>> ------------
>> >> >>> >> >>>>> Other
>> services @
>> >>
http://my.co.ke
>> >> >>> >> >>>>> Other
>> lists
>> >> >>> >> >>>>>
>> -------------
>> >> >>> >> >>>>>
>> Announce:
>> >> >>> >> >>>>>
>> >> >>>
http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce
>> >> >>> >> >>>>>
>> Science:
>> >> >>> >> >>>>>
http://lists.my.co.ke/cgi-bin/mailman/listinfo/science
>> >> >>> >> >>>>> kazi:
>> >> >>>
http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general
>> >> >>> >> >>>>>
>> >> >>> >> >>>>
>> >> >>> >> >>>>
>> >> >>> >> >>>>
>> >> >>> >> >>>> --
>> >> >>> >> >>>> Edmund C.
>> O. Okumu
>> >> >>> >> >>>> P.O Box
>> 8490-00200,
>> >> >>> >> >>>> Nairobi,
>> Kenya.
>> >> >>> >> >>>> TEL:
>> 254-721-734935
>> >> >>> >> >>>>
>> >> >>> >> >>>>
>> >> >>> >> >>>>
>> >> _______________________________________________
>> >> >>> >> >>>> Skunkworks
>> mailing
>> >> list
>> >> >>> >> >>>>
Skunkworks@lists.my.co.ke
>> >> >>> >> >>>>
http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks
>> >> >>> >> >>>>
>> ------------
>> >> >>> >> >>>> Skunkworks
>> Rules
>> >> >>> >> >>>>
http://my.co.ke/phpbb/viewtopic.php?f=24&t=94
>> >> >>> >> >>>>
>> ------------
>> >> >>> >> >>>> Other
>> services @
http://my.co.ke
>> >> >>> >> >>>> Other
>> lists
>> >> >>> >> >>>>
>> -------------
>> >> >>> >> >>>> Announce:
>> >> >>> >> >>>>
http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce
>> >> >>> >> >>>> Science:
>> >> >>> >> >>>>
http://lists.my.co.ke/cgi-bin/mailman/listinfo/science
>> >> >>> >> >>>> kazi:
>> >> >>> >> >>>>
http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general
>> >> >>> >> >>>>
>> >> >>> >> >>>
>> >> >>> >> >>>
>> >> >>> >> >>>
>> >> _______________________________________________
>> >> >>> >> >>> Skunkworks
>> mailing list
>> >> >>> >> >>>
Skunkworks@lists.my.co.ke
>> >> >>> >> >>>
http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks
>> >> >>> >> >>> ------------
>> >> >>> >> >>> Skunkworks
>> Rules
>> >> >>> >> >>>
http://my.co.ke/phpbb/viewtopic.php?f=24&t=94
>> >> >>> >> >>> ------------
>> >> >>> >> >>> Other services
>> @
http://my.co.ke
>> >> >>> >> >>> Other lists
>> >> >>> >> >>> -------------
>> >> >>> >> >>> Announce:
>> >> >>> >> >>>
http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce
>> >> >>> >> >>> Science:
>> >> >>> >> >>>
http://lists.my.co.ke/cgi-bin/mailman/listinfo/science
>> >> >>> >> >>> kazi:
>> >> >>> >> >>>
http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general
>> >> >>> >> >>>
>> >> >>> >> >>
>> >> >>> >> >>
>> >> >>> >> >>
>> >> _______________________________________________
>> >> >>> >> >> Skunkworks mailing
>> list
>> >> >>> >> >>
Skunkworks@lists.my.co.ke
>> >> >>> >> >>
http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks
>> >> >>> >> >> ------------
>> >> >>> >> >> Skunkworks Rules
>> >> >>> >> >>
http://my.co.ke/phpbb/viewtopic.php?f=24&t=94
>> >> >>> >> >> ------------
>> >> >>> >> >> Other services @
http://my.co.ke
>> >> >>> >> >> Other lists
>> >> >>> >> >> -------------
>> >> >>> >> >> Announce:
>> >> >>> >> >>
http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce
>> >> >>> >> >> Science:
>> >> >>> >> >>
http://lists.my.co.ke/cgi-bin/mailman/listinfo/science
>> >> >>> >> >> kazi:
>> >> >>> >> >>
http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general
>> >> >>> >> >>
>> >> >>> >> >
>> >> >>> >> >
>> >> >>> >> >
>> >> >>> >> > --
>> >> >>> >> >
>> >>
>> ----------------------------------------------------------------
>> >> >>> >> > Joshua Amolo
>> >> >>> >> > Cell: +254 720
>> 263308/+255 783
>> >> 060052
>> >> >>> >> >
>> >> >>> >> >
>> >> >>> >> > Managing IT people is
>> like
>> >> herding cats
>> >> >>> >> >
>> >> >>> >>
>> >> >>> >>
>> >> >>> >> --
>> >> >>> >> --
>> >> >>> >> Gichuki John Ndirangu, C.E.H
>> ,
>> >> C.P.T.P, O.S.C.P
>> >> >>> >> I.T Security Analyst and
>> Penetration
>> >> Tester
>> >> >>> >>
infosigmer@inbox.com
>> >> >>> >>
>> >> >>> >> {FORUM}
http://lists.my.co.ke/pipermail/security/
>> >> >>> >>
http://nspkenya.blogspot.com/
>> >> >>> >>
http://chuksjonia.blogspot.com/
>> >> >>> >>
>> >> _______________________________________________
>> >> >>> >> Skunkworks mailing list
>> >> >>> >>
Skunkworks@lists.my.co.ke
>> >> >>> >>
http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks
>> >> >>> >> ------------
>> >> >>> >> Skunkworks Rules
>> >> >>> >>
http://my.co.ke/phpbb/viewtopic.php?f=24&t=94
>> >> >>> >> ------------
>> >> >>> >> Other services @
http://my.co.ke
>> >> >>> >> Other lists
>> >> >>> >> -------------
>> >> >>> >> Announce:
>> >> >>> >>
http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce
>> >> >>> >> Science:
http://lists.my.co.ke/cgi-bin/mailman/listinfo/science
>> >> >>> >> kazi:
>> >> >>> >>
http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general
>> >> >>> >>
>> >> >>> >
>> >> >>> >
>> >> >>> >
>> >> >>> > --
>> >> >>> >
>> >>
>> ----------------------------------------------------------------
>> >> >>> > Joshua Amolo
>> >> >>> > Cell: +254 720 263308/+255 783
>> 060052
>> >> >>> >
>> >> >>> >
>> >> >>> > Managing IT people is like
>> herding cats
>> >> >>> >
>> >> >>>
>> >> >>>
>> >> >>> --
>> >> >>> --
>> >> >>> Gichuki John Ndirangu, C.E.H ,
>> C.P.T.P,
>> >> O.S.C.P
>> >> >>> I.T Security Analyst and Penetration
>> Tester
>> >> >>>
infosigmer@inbox.com
>> >> >>>
>> >> >>> {FORUM}
http://lists.my.co.ke/pipermail/security/
>> >> >>>
http://nspkenya.blogspot.com/
>> >> >>>
http://chuksjonia.blogspot.com/
>> >> >>>
>> >> _______________________________________________
>> >> >>> Skunkworks mailing list
>> >> >>>
Skunkworks@lists.my.co.ke
>> >> >>>
http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks
>> >> >>> ------------
>> >> >>> Skunkworks Rules
>> >> >>>
http://my.co.ke/phpbb/viewtopic.php?f=24&t=94
>> >> >>> ------------
>> >> >>> Other services @
http://my.co.ke
>> >> >>> Other lists
>> >> >>> -------------
>> >> >>> Announce:
>> >> >>>
http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce
>> >> >>> Science:
http://lists.my.co.ke/cgi-bin/mailman/listinfo/science
>> >> >>> kazi:
http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general
>> >> >>>
>> >> >>
>> >> >>
>> >> >>
>> >> >> --
>> >> >> "Change is slow and gradual. It requires
>> hardwork,
>> >> a bit of
>> >> >> luck, a fair amount of self-sacrifice and
>> a lot of
>> >> patience."
>> >> >>
>> >> >> Roy.
>> >> >>
>> >> >
>> _______________________________________________
>> >> > Skunkworks mailing list
>> >> >
Skunkworks@lists.my.co.ke
>> >> >
http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks
>> >> > ------------
>> >> > Skunkworks Rules
>> >> >
http://my.co.ke/phpbb/viewtopic.php?f=24&t=94
>> >> > ------------
>> >> > Other services @
http://my.co.ke
>> >> > Other lists
>> >> > -------------
>> >> > Announce:
>> >> >
http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce
>> >> > Science:
http://lists.my.co.ke/cgi-bin/mailman/listinfo/science
>> >> > kazi:
http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general
>> >> >
>> >> _______________________________________________
>> >> Skunkworks mailing list
>> >>
Skunkworks@lists.my.co.ke
>> >>
http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks
>> >> ------------
>> >> Skunkworks Rules
>> >>
http://my.co.ke/phpbb/viewtopic.php?f=24&t=94
>> >> ------------
>> >> Other services @
http://my.co.ke
>> >> Other lists
>> >> -------------
>> >> Announce:
>> >>
http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce
>> >> Science:
http://lists.my.co.ke/cgi-bin/mailman/listinfo/science
>> >> kazi:
http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general
>> >>
>> >
>> >
>> >
>> >
>>
>>
>> --
>> --
>> Gichuki John Ndirangu, C.E.H , C.P.T.P, O.S.C.P
>> I.T Security Analyst and Penetration Tester
>>
infosigmer@inbox.com
>>
>> {FORUM}
http://lists.my.co.ke/pipermail/security/
>>
http://nspkenya.blogspot.com/
>>
http://chuksjonia.blogspot.com/
>> _______________________________________________
>> Skunkworks mailing list
>>
Skunkworks@lists.my.co.ke
>>
http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks
>> ------------
>> Skunkworks Rules
>>
http://my.co.ke/phpbb/viewtopic.php?f=24&t=94
>> ------------
>> Other services @
http://my.co.ke
>> Other lists
>> -------------
>> Announce:
>>
http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce
>> Science:
http://lists.my.co.ke/cgi-bin/mailman/listinfo/science
>> kazi:
http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general
>>
> _______________________________________________
> Skunkworks mailing list
>
Skunkworks@lists.my.co.ke
>
http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks
> ------------
> Skunkworks Rules
>
http://my.co.ke/phpbb/viewtopic.php?f=24&t=94
> ------------
> Other services @
http://my.co.ke
> Other lists
> -------------
> Announce:
http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce
> Science:
http://lists.my.co.ke/cgi-bin/mailman/listinfo/science
> kazi:
http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general
>
>
>
>