Evolving PenTesting to Create Measurable Defensive Improvement

Evolving PenTesting to Create Measurable Defensive Improvement 150 150 Drummond Group

For ages, the industry has tried time and time again to improve its ability to defend by battening down the hatches. We have relied on playing vulnerability “whack-a-mole” and realized that even the most secured and patched system can be used in a full-scale attack. As a response, we have attempted to create better sparring partners to attack the environments and bring light to ways to sink the ship. While that approach has had limited success it still does not scale to the rapid deployment and expansion of today’s enterprise. Combined with the growing shortage of testing talent, this method will have to change in order to break through the barrier of testing debt. To do so, we must create an entirely new set of metrics, tests, procedures, implementations and repeatable process. It is extremely rare that a vulnerability causes a direct risk to an environment, it is usually what the attacker DOES with the access gained that matters.
In this talk we will discuss the aging strategies of Penetration Testing and the evolution of value. No more scan based reports. No more waiting to finish the engagement before improvement begins. No more secrets. It is time we change the strategy to work as a team and end the engagement more secure than we started, EVERY TIME.

Privacy Preferences

When you visit our website, it may store information through your browser from specific services, usually in the form of cookies. Here you can change your Privacy preferences. It is worth noting that blocking some types of cookies may impact your experience on our website and the services we are able to offer.

Click to enable/disable Google Analytics tracking code.
Click to enable/disable Google Fonts.
Click to enable/disable Google Maps.
Click to enable/disable video embeds.
Our website uses cookies, some from third-party services. Define your Privacy Preferences and/or agree to our use of cookies.