Hack the Planet... Step 1, Step 2, Step

Presented at A New HOPE (2022), July 23, 2022, 10 a.m. (50 minutes).

Penetration testing has existed as a cyber security assurance activity for many years. Although frequently used, the phrase lacks clear definition and is often misunderstood. For many individuals, phrases such as security auditing, penetration testing, vulnerability analysis, ethical hacking, and red teaming all mean the same thing.

CREST has been accrediting penetration testing companies since 2006 and by the end of 2021, it had assessed more than 250 organizations that deliver penetration testing services around the globe. During this time span, the expectations around what a penetration test is have evolved. In parallel, the toolsets, platforms, and delivery methods that can be used to provide penetration tests have changed significantly. Over the past 15 years, the number of organizations across the globe that procure penetration tests has increased markedly and, accordingly, it is CREST's considered opinion that there is increased need to define a set of minimum expectations that should be associated with a penetration test.

This session will shed light on the snake oil in the industry. War stories will provide suggestions on how to work in the industry and help you be commercially defensible.


Presenters:

  • Tom Brennan
    **Tom Brennan** leads the U.S. arm of CREST International and works with government and commercial organizations to optimize the value of CREST as a cybersecurity accreditation body and industry standards advocate. He is a U.S. Marine veteran and is currently the chief information officer of the national law firm Mandelbaum Barrett, where he oversees critical infrastructure, privacy, and security operations.
  • Joaquin Paredes
    **Joaquin Paredes** is the leader of the Offensive Security practice at VerSprite with more than 15 years of experience in cyber security consulting. He has performed adversarial security testing for some of the largest global companies in diverse industries, including retail, financial, tech and healthcare among others. Joaquin leads his team by pushing the boundaries of pentesting methodologies. The team emulates real-life attacks with each exercise by practicing offensive techniques, a risk-based manual testing approach, and adopting a creative, criminal mindset.

Links:

Similar Presentations: