Kevin, James and I discuss why penetration testing reports are
often so worthless
Kevin and I disagree. Then we agree, sort of.
We discuss the major differences between the 'builder' and
'breaker' mindset, and whether they're actually
Kevin gives some fantastic examples of how context and
experience are critical in penetration testing
We provide guidance on how someone can 'break into' (no pun
intended) penetration testing and be effective
Kevin gives an example of how someone can be a great
penetration tester, but be of little value beyond that
We wrap by discussing how enterprises can gain value from
penetration testing, and Kevin provides an interesting
Kevin Johnson (@SecureIdeas) - Kevin Johnson is the Chief Executive Officer of
Ideas. Kevin has a long history in the IT field including
system administration, network architecture and application
development. He has been involved in building incident response and
forensic teams, architecting security solutions for large
enterprises and penetration testing everything from government
agencies to Fortune 100 companies. In addition, Kevin is an
instructor and author for the SANS Institute and a faculty member
at IANS. He is also a contributing blogger at TheMobilityHub.
Kevin is also very involved in the open source community. He
runs a number of open source projects. These include SamuraiWTF, a
web pen-testing environment; Laudanum, a collection of injectable
web payloads; Yokoso, an infrastructure fingerprinting project; and
a number of others. Kevin is also involved in MobiSec and SH5ARK.
Kevin was the founder and lead of the BASE project for Snort before
transitioning that to another developer.
Security. Some assembly required.
Security is HARD, and 'real security' is a compromise between usability and security while knowing you're still accepting risk.
This podcast alternates between interesting interviews and news analysis every other week - tune in, subscribe and join the conversation on REAL security issues relevant to your enterprise.