SANS Penetration Testing

RSA Flash Talk: Top 5 Reasons It's GREAT To Be a Pen Tester...

By Ed Skoudis

Last week at RSA, I presented a Flash talk called "The Top 5 Reasons It's Great To Be a Pen Tester... And How You Can Help Fix That Problem." For those unfamiliar with the Flash talk format, presenters are required to have exactly 20 slides, and they get exactly 20 seconds per slide, auto-advanced. As a presenter, it's not for the faint of heart, as that 20-second timer is a ruthless mistress. Additionally, the fine folks at RSA asked for our talks to be fun, engaging, and to... you know... have a point. Always a glutton for punishment, I gladly accepted their invite.

The resulting slides are available here. The presentation is my tongue-in-cheek quirky take on what I think to be a really significant problem in the penetration testing space — The Rise of the Really Crappy Pen Test, as some (not all) penetration testers aren't focused on delivering high-quality valuable results in their work. I've written about this problem in a variety of fora, including on this blog with my article "Maximizing Value in Penetration Tests." In countering this problem, I'm really fond of the efforts of the folks working on the Penetration Testing Execution Standard, with their focus on transparency, technical excellence, quality, and providing real business value. In fact, slides 11 and 12 of my Flash talk focus on these principles embodied by PTES.

Additionally, as you read through these slides, you'll get to see me with a woman's girdle on my head (Slide 3), an attempt at a smoldering look (as in the movie Tangled, Slide 4), and my best Jack Nicholson Shining impersonation (Slide 16). Photo credit goes to my darling 14-year-old daughter, Jessica, who I am sure is scarred for life after the photo shoot. She's also the one who drew the "Monkey throwing poo" figure on Slide 6. What a great kid!

By the way, if you are interested in building your skills for providing high-value penetration tests, please consider taking my SANS Security 560 course, which I'll be teaching at SANS Orlando March 25 to 30, SANS Cyber Guardian in Baltimore April 30 to May 5, and SANS Denver June 4 to 9.

Thank you!

