This topic contains 1 reply, has 2 voices, and was last updated by Stormkrieg 1 month, 2 weeks ago.
- March 3, 2021 at 12:47 pm #368783
I just got off the phone chatting with a friend about the security of their website. After helpfully suggesting a couple scans and pen tests they (or I) could do on the website, they got paranoid and assumed I was attempting to black hat the client, which I calmly explained was not my intention, and that I was only trying to help.
Does this happen to any of you? Any time I try to get my non-coder friends to run even simple programs, or open up a terminal window on their machine, they mentally collapse and assume I have malicious intent. Maybe a better question is: How do you compose yourself when you are attempting to educate an adversary about your work? In an industry seen by non-hackers as full of mal-intent, how can I convey that I have good intentions?
- March 3, 2021 at 12:47 pm #368785
I think it’s a bit of a red flag that your “friend” assumes you are doing something malicious. To me that speaks to you not being a very trustworthy person. So I’d probably start there.
- March 3, 2021 at 12:47 pm #368786
Maybe start by not viewing your friends and clients as adversaries.
- March 3, 2021 at 12:47 pm #368787
The longer you speak, the less trust you build. Tell your friend that their website has significant issues and that they need to make an investment of time or money to fix them. You can help if they don’t have the time.
- March 3, 2021 at 12:47 pm #368784
I’m going to come at this from a different perspective. If you’re not the only one qualified to help them, why would they trust you? For example, if you look at someone and say, “You can do this audit yourself, you just have to open terminal and install this package, then run this command,” what do you think might go through their mind? Maybe it’s: why are they asking me to do this when they could do it themselves? In my experience, clients want YOU to TELL THEM what needs done, then do it. They would rather never even touch the terminal, and instead just get the result. By giving a client more knowledge by trying to show them ‘behind the scenes’, you may be unintentionally scaring them away. Security is a highly sensitive field; your clients will NOT be experts in it (or they wouldn’t need you). Treat them in a way that reflects that; you need to put their fears of the unknown to rest and instill trust in you and the service that you’re proposing to them.
Be genuine, remain confident in what you do, and don’t let these experiences get you down.