Pen Testing VS Red Teaming and how to get more from your pen test reports

Presented at Kernelcon 2019, April 5, 2019, 4 p.m. (50 minutes).

What is the difference between a penetration tester and a person on a red team? Why does it matter? Are you getting the most out of your penetration reports? Clearly identifying what our role is, and how we explain our investigations, is how we justify our position. Are we just checking a box in an audit, just pointing out weaknesses, or are we improving the corporation's security posture while providing value? In this talk, I will discuss the major differences between penetration testers and red teams, how each effects a corporation, how each acts differently, the importance of each, how to improve your penetration tests reports, and why they need to be improved.

Presenters:

• Sampson Chandler - RSA
  As a Senior Analyst at RSA Security, Sampson Chandler has helped numerous clients during audits, penetration tests, vulnerability scans, and improved the security posture of many fortune 500 companies including the DoD.

Links:

• https://2019.kernelcon.org/agenda#ptvsrt

Similar Presentations:

• DEF CON 16 (2008) / Pen-Testing is Dead, Long Live the Pen Test
• Notacon 8 (2011) / Strategic Penetration Testing - Changing the way we hack
• DerbyCon 3.0 All in the Family (2013) / Seeing red in your future?