Anybody can be a security auditor apparently

tiersten

This thread is just facepalm. Did the auditor do security for Sony previously or something??

Find more posts tagged with

SAVE $250 on Your Boot Camp — Use Code "EXAM26"

Exclusively for TechExams members for Infosec Boot Camps starting before April 30, 2026

View Boot Camps

Comments

RobertKaucher

That's not an auditor, that's an attacker.

some guy

RobertKaucher wrote: »

That's not an auditor, that's an attacker.

+1 to that.

cyberguypr

That is an excellent read.

Love the OP's big WINs:

"I got fed up being diplomatic and directed him to this thread ... I'd actually forgotten I'd called him an idiot in the title" HAHAHAHA!!!

"PCI SSC have responded and are investigating him and the company"

colemic

wow. Speaking as an auditor, we would NEVER ask for that, and if it is social engineering, he is really toeing the line from an ethical perspective.

One of the comments summed it up pretty good - auditors evaluate system states, business processes, and policies and procedures, and if they are being followed. While we ask for a certain amount of 'sensitive' information is is always done - and provided - securely.

Zartanasaurus

lol@ a database of plain-text passwords. Guy is probably making over 6 figures too. I'm in the wrong line of work.

tpatt100

I am tempted to call b.s. because I am not sure what standard he is using to be asking for those things. I have a cross reference chart for ISO to NIST to Diacap,etc and I am kind of confused as to how somebody would even come close to thinking they need those things???

I think a problem is i think people who have the organizational skills to be an auditor are usually not technical and the people who have the technical skills to perform a proper audit lack the organizational skills to do one properly.

shaqazoolu

Wow. What a tool. I'm surprised the admin guy kept his cool so well. After the second email where peckerhead insults my competence, I'm blowing a gasket. Dude needs to crack a book.

powerfool

Geez, I would feel bad for insulting everyone here's intelligence if I even began to point out all of the BS there. Fan-effing-tastical!

Can someone drop him a line to hashing algorithms on Wikipedia?

Nevermind...