I kind of get what you are on about. I think that in most cases the most serious security breaches are down to social engineering, where someone is fooled into installing a piece of software, opening a port or giving out a password. Winning that battle is probably half of winning the war. 
I think it has to be a two pronged approach, where you secure the systems using tools and help people avoid being fooled into revealing information to unauthorized persons.

My 2c.



On Monday, August 4, 2014, Kinpro Computers-All IT soutions via skunkworks <skunkworks@lists.my.co.ke> wrote:
Teh teh.

Sound like you want us to investin in using hand hoe to win production
awards in grain markets.

NSA use tools, scipt kids use tools first to plan their security
breach, cars come compuerized for easy diagnosis.If a street mechanics
want me invest in tool box, eyes to see problem, and ears to analyze
noises on modern posh cars, i dont think it sounds serious.

If you cant notice then nowhere you can start to think,ask or plan on
something...that that you feel it exists.

why need to write un tested scripts to check every parameters just to
trace warning signs?

I thing you have to be aware of your environment by using tools,you
should also know limitations of your tools,then where you need scripts
and what would be appropriate.

--

Regards,
Nicholas Peter.*
Kinpro Computers.*
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

> Date: Mon, 4 Aug 2014 12:53:19 +0300
> From: Gichuki John Chuksjonia <chuksjonia@gmail.com>
> To: KICTAnet ICT Policy Discussions <kictanet@lists.kictanet.or.ke>,
>       Skunkworks Mailing List <skunkworks@lists.my.co.ke>,  "Security
>       Forum All information security discussions in Africa are done here
>       (Hacking, Decryptions, Security management, physical security,
>       Disastor Recovery, Security Assessments etc etc)"
>       <security@lists.my.co.ke>
> Subject: [Skunkworks] HACKING IS NOT ABOUT TOOLS
> Message-ID:
>       <CAF0qi-Ny9iF2uZviwA33MHv0B1OxhiS_YmeTzfzbUtZd52HvvA@mail.gmail.com>
> Content-Type: text/plain; charset=ISO-8859-1
>
> There is this notion i have seen with different Security Firms which
> believe as long as they have tools, they can do penetration testing
> for everyone. This is wrong, since real blackhat hackers, the ones
> whom are defending your clients from don't use automation to break
> into these infrastructures. Script Kids will do that, and if a
> Security Firm is doing that too, then you hired script-kids-company
> (quarks) too.
>
> I think its important people start doing things with passion
> especially with the service industry, get into extra miles, show these
> organizations how real blackhats will bypass restrictions and
> security, not nmap an metasplout snapshots. Lets stop failing our
> country, especially with Cyber Warfare already backing each door in
> our infrastructures.
>
>
>
> ./Chucks
>
>
> --
> --
> Gichuki John Ndirangu, C.E.H , C.P.T.P, O.S.C.P
> I.T Security Analyst and Penetration Tester
> jgichuki at inbox d0t com
>
> {FORUM}http://lists.my.co.ke/pipermail/security/
> http://chuksjonia.blogspot.com/
>
>
>
> ------------------------------
>
> Message: 3
> Date: Mon, 4 Aug 2014 13:19:21 +0300
> From: Jangita Nyagudi <jangita.nyagudi@gmail.com>
> To: Gichuki John Chuksjonia <chuksjonia@gmail.com>,  Skunkworks
>       Mailing List <skunkworks@lists.my.co.ke>
> Cc: "Security Forum All information security discussions in Africa are
>       done here \(Hacking, Decryptions, Security management, physical
>       security, Disastor Recovery, Security Assessments etc etc\)"
>       <security@lists.my.co.ke>, KICTAnet ICT Policy Discussions
>       <kictanet@lists.kictanet.or.ke>
> Subject: Re: [Skunkworks] HACKING IS NOT ABOUT TOOLS
> Message-ID:
>       <CA+C-RFF2KTGhQ+uVpTKSN_uNeuFAent7akAnpCYJfmFWsvopQA@mail.gmail.com>
> Content-Type: text/plain; charset="utf-8"
>
> +1
>
>
> On 4 August 2014 12:53, Gichuki John Chuksjonia via skunkworks <
> skunkworks@mailman-prod.my.co.ke> wrote:
>
>> There is this notion i have seen with different Security Firms which
>> believe as long as they have tools, they can do penetration testing
>> for everyone. This is wrong, since real blackhat hackers, the ones
>> whom are defending your clients from don't use automation to break
>> into these infrastructures. Script Kids will do that, and if a
>> Security Firm is doing that too, then you hired script-kids-company
>> (quarks) too.
>>
>> I think its important people start doing things with passion
>> especially with the service industry, get into extra miles, show these
>> organizations how real blackhats will bypass restrictions and
>> security, not nmap an metasplout snapshots. Lets stop failing our
>> country, especially with Cyber Warfare already backing each door in
>> our infrastructures.
>>
>>
>>
>> ./Chucks
>>
>>
>> --
>> --
>> Gichuki John Ndirangu, C.E.H , C.P.T.P, O.S.C.P
>> I.T Security Analyst and Penetration Tester
>> jgichuki at inbox d0t com
>>
>> {FORUM}http://lists.my.co.ke/pipermail/security/
>> http://chuksjonia.blogspot.com/
>>
>> _________________________________

_______________________________________________
skunkworks mailing list
skunkworks@mailman-prod.my.co.ke
------------
List info, subscribe/unsubscribe
http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks
------------

Skunkworks Rules
http://my.co.ke/phpbb/viewtopic.php?f=24&t=94
------------
Other services @ http://my.co.ke