Building A Pentest Program On A Shoestring Budget

Presented at RVAsec 2017, June 9, 2017, 2 p.m. (50 minutes).

You don’t have $85,000 lying around to bring in an external pentest vendor. Even if you did, you’re afraid your program is so full of holes that you will be overwhelmed by the findings. Even worse, if the vendor does a bad job and fails to get in, it will reinforce the organization’s false sense of security. What are your options? Do nothing and keep worrying about the specter looming in the darkness? No, you pull together a ragtag group of spunky upstarts and get the job done yourself. No budget, no problem. In this talk, we’ll cover options that can fit into your standard operations without having to beg for budget. Even if you are privileged with a strong budget, scheduled external pentests, and ongoing security operations, you can pick up some tips on how to integrate self-tests that validate the controls you implemented in your remediation process.

Presenters:

  • Grayson Walters - Virginia Department of Taxation
    Grayson Walters has over 20 years of Information Technology and Information Security experience. Currently, he serves as the Information Security Officer for the Virginia Department of Taxation. Previously, Grayson served as the Information Security Officer for the Virginia State Corporation Commission. His prior positions include leading the security engineering branch of a Richmond-based IT consulting firm, where he oversaw penetration testing, security policy development, and security product implementation activities for dozens of clients. Grayson also served as the Lead Network Architect for Standing Joint Force Headquarters – Homeland Security after his enlistment in the US Navy. Grayson currently serves on the Commonwealth Information Security Council, and recently served on committees sponsored by the Office of the Director of National Intelligence and Homeland Security. Grayson holds an M.S. in Computer and Information Systems Security from Virginia Commonwealth University and a B.S. in Computer Information Systems Security from Strayer University.