Last week's New York Times had an interesting article (Who Needs Hackers?) on the differences between a network architecture failure and the more sensationalized "Hollywood" hacker attacks.

"We don’t need hackers to break the systems because they’re falling apart by themselves," said Peter G. Neumann . . . Steven M. Bellovin, a professor of computer science at Columbia University, said: "Most of the problems we have day to day have nothing to do with malice. Things break. Complex systems break in complex ways."

What sounds more interesting to you: hold a briefing that says "nasty hackers infiltrated the airline's reservation system and wreaked havoc" or the "DMZ was improperly isolated at layer 2 and rapid MAC address flooding from a bargain NIC caused the switches to fail?" In the former, the organization can blame the "evil-doers"; in the latter, the problem is a lack of proper planning.

You may find it odd that as an information security company that performs penetration testing, we're pointing out an article that says "hey, hackers might not be your #1 issue." Yes, you may find it odd, until you realize that we offer--and have offered, since day one--network infrastructure design and audit services. Ah yes, I can hear the cash register "ding" from across the office.

Friends (and potential customers), the truth is that without a solid review of your foundation, a penetration test alone will not provide you with the most accurate view of your organization's security posture. Let us pour through your massive stack of Visio diagrams and router ACL's and we'll provide effective and thoughtful optimization recommendations.