PMR - PT & VA Management & Reporting

Presented at DEF CON 30 (2022), Aug. 13, 2022, noon (115 minutes)

PMR (PTVA Management & Reporting) is an open-source collaboration platform that closes the gap between InfoSec technical teams and management in all assessment phases, from planning to reporting. Technical folks can focus on assessment methodology planning, test execution, and engagement collaboration, whereas management can plan engagements, track progress, assign testers, monitor remediation status, and escalate SLA breaches, all from one fancy all-in-one dashboard.

The main features are:

A) *Asset Management*, which allows IT asset inventory tracking with system owner contacts.

B) *Engagements Management & Planning*, which enables security testers to follow a test execution roadmap by creating a new testing methodology or following execution standards such as NIST, PTES or OWASP. It will definitely keep pentesting engagements and projects more professional. It also enables collaborative testing, information gathering and evidence uploading.

C) *Report Automation*, which automates boring tasks such as writing technical reports and validation reports. Generating a PDF report that is ready to share with clients and management can be accomplished with one click.

D) *All-in-One Dashboard*, which keeps executives and management up to date with the organization's security posture. The dashboard components are:
  - High-level view of current vulnerabilities.
  - Engagement progress.
  - Remediation status.
  - SLA breach tracking.
  - Risk exception monitoring.

Audience: Security professionals, Vulnerability Analysts, AppSec, Offense, Risk Management

Presenters:

  • Abdul Alanazi
    Abdul Alenazi is a penetration testing technical manager @SabrySecurity and a founding member of Sabry InfoSec, with nearly 8 years of experience in pentesting. Prior to joining Sabry, he worked as a Penetration Testing Consultant at Booz Allen Hamilton, HYAS InfoSec, ManTech and other global and local companies. Abdul has completed an MASc in Computer Engineering with a focus on Applied Network Security & Machine Learning at @UVIC.ca. He has also published academic research on botnet detection. In his free time, he enjoys coding and investigating open source security tools. Twitter: @alenazi_90
  • Musaed Bin Muatred
    Musaed Bin Muatred is a Threat Intelligence expert with 8+ years of experience in the field of cyber defence. He holds more than 10 certifications and an MSc in Computer Science. He also has extensive experience in DFIR, threat hunting and reverse engineering.
