Mamma Don't Let Your Babies Grow Up to be Pen Testers - (a.k.a. Everything Your Guidance Counselor Forgot to Tell You About Pen Testing)

Presented at DEF CON 19 (2011), Aug. 5, 2011, 4 p.m. (50 minutes)

Always wanted to be a 1337 penetration tester capable of deciphering Kryptos while simultaneously developing your own custom 0-days? Then this is NOT the talk for you. We will however make you laugh by presenting an honest look at the life and times of a penetration tester today. We promise to open your eyes to aspects of the job you may have not considered before (at least we hadn't considered them before we started). Drawn from personal experience, this talk will focus on the myths and realities of penetration testing as a "for-sale" service. We love being penetration testers but we're pretty sure the guidance counselor forgot to mention there was a dark side to all the fun. We got the job with a little knowledge, a couple of lamer exploits, and high expectations. We expected firewalls and IDS to be the only thing standing between us and our beloved shells, but it turns out something far more sinister waited for us. Deadlines, timelines, reporting, scope, budgets, and chubby fingers quickly reared their ugly heads and threatened to smash our dreams. Like all PT'ers before us, we soon found out how important each of these topics are and what a critical role they play in our day-to-day activities. Join us for a unique and humorous 20-minute presentation as we air the dirty laundry about the mechanics of penetration testing and open your eyes to the untold aspects of best job on earth.


  • Dr. Josh Pauli - Dakota State University
    Dr. Josh Pauli is an Associate Professor of Information Assurance at Dakota State University in Madison, SD where he teaches graduate and undergraduate courses in web and software security. His background is in software engineering and information systems. Dr. Pauli first attended DEF CON 16 (friggin' n00b) and was hooked immediately - he has spent every waking moment since then trying to figure out how to inject DEF CON into DSU's security program and bring his students to DEF CON 19 and beyond! Twitter: CornDogGuy
  • Dr. Patrick Engebretson - Dakota State University
    Dr. Pat Engebretson is an Assistant Professor of Information Assurance at Dakota State University in Madison, SD. He teaches graduate and undergraduate classes in penetration testing, operating system security, and programming. Dr. Engebretson also serves as a Senior Penetration Tester for a Security consulting company in the Midwest. Before returning to academia, Dr. Engebretson spent 5 years as a Network Security Office for a financial institution. He recently published a book on the basics of hacking and penetration testing for Syngress and he works non-stop to weave past experiences into the classroom, integrate hands-on material, and open his student's eyes to the wonders of DEF CON. Twitter: pengebretson