Stephen Northcutt said this quote
“ Fewer than one in twenty security professionals has the core competence and the foundation knowledge to take a system all the way from a completely unknown state of security through mapping, vulnerability testing, password cracking, modem testing, vulnerability patching, firewall tuning, instrumentation, virus detection at multiple entry points, and even through back-ups and configuration management. ”