May 13, 2013

In this episode...

  • Kevin, James and I discuss why penetration testing reports are often so worthless
  • Kevin and I disagree. Then we agree, sort of.
  • We discuss the major differences between the 'builder' and 'breaker' mindset, and whether they're actually different people
  • Kevin gives some fantastic examples of how context and experience are critical in penetration testing
  • We provide guidance on how someone can 'break into' (no pun intended) penetration testing and be effective
  • Kevin gives an example of how someone can be a great penetration tester, but be of little value beyond that
  • We wrap by discussing how enterprises can gain value from penetration testing, and Kevin provides an interesting strategy


  • Kevin Johnson (@SecureIdeas) - Kevin Johnson is the Chief Executive Officer of Secure Ideas. Kevin has a long history in the IT field, including system administration, network architecture and application development. He has been involved in building incident response and forensic teams, architecting security solutions for large enterprises and penetration testing everything from government agencies to Fortune 100 companies. In addition, Kevin is an instructor and author for the SANS Institute and a faculty member at IANS. He is also a contributing blogger at TheMobilityHub. Kevin is also very involved in the open source community. He runs a number of open source projects, including SamuraiWTF, a web pen-testing environment; Laudanum, a collection of injectable web payloads; Yokoso, an infrastructure fingerprinting project; and a number of others. Kevin is also involved in MobiSec and SH5ARK. Kevin was the founder and lead of the BASE project for Snort before transitioning that to another developer.