October 25, 2022
Joe Sarkisian, OSCP, GWAPT, GCPN
Lead Penetration Tester
Location: Utah Valley Convention Center, Provo, Utah
Joe will be speaking on the topic of Whatever Happened Last Time, It Wasn’t a Penetration Test on Tuesday, October 25th at 2:30PM.
As a penetration tester, I have lots of awkward conversations when a client has misguided assumptions about their security. One of the most awkward is when we complete our testing and have a laundry list of low-hanging fruit that needs to be fixed that previous vendors never brought up. This leads to fear, uncertainty, and doubt, often resulting in one or more of the following:
- But we let you in
- That’s not a realistic scenario
- Our MSSP would have stopped you
- This report does not adequately reflect our environment
- But we’re tracking that issue
- Yeah, but we have a NAC solution
- Our report was clean last year
- Why didn’t the previous vendor find this?
Clearly, whoever was hired to do this last time failed to adequately explain why we do what we do. Offensive security practitioners need to do a better job at partnering with clients to enable them to make security a part of the business that helps it function better, not a cost center that is seen as a burden. Our job is not to play gotcha, it is to help security teams build trust within their organizations that will holistically create a secure environment for all.
If you want to hear more about the what, why, and how we do what we do, how to spot the good vs. the bad penetration test report, what a pen test is/is not meant to be, and so much more, this is the talk for you!Back to Events