Kevin, James and I discuss why penetration testing reports are often so worthless
Kevin and I disagree. Then we agree, sort of.
We discuss the major differences between the 'builder' and 'breaker' mindset, and whether they're actually
Kevin gives some fantastic examples of how context and experience are critical in penetration testing
We provide guidance on how someone can 'break into' (no pun intended) penetration testing and be effective
Kevin gives an example of how someone can be a great penetration tester, but be of little value beyond that
We wrap by discussing how enterprises can gain value from penetration testing - and Kevin provides an interesting
Kevin Johnson (@SecureIdeas) - Kevin Johnson is the Chief Executive Officer of
Ideas. Kevin has a long history in the IT field including
system administration, network architecture and application
development. He has been involved in building incident response and
forensic teams, architecting security solutions for large
enterprises and penetration testing everything from government
agencies to Fortune 100 companies. In addition, Kevin is an
instructor and author for the SANS Institute and a faculty member
at IANS. He is also a contributing blogger at TheMobilityHub.
Kevin is also very involved in the open source community. He
runs a number of open source projects. These include SamuraiWTF, a
web pen-testing environment; Laudanum, a collection of injectable
web payloads; Yokoso, an infrastructure fingerprinting project; and
a number of others. Kevin is also involved in MobiSec and SH5ARK.
Kevin was the founder and lead of the BASE project for Snort before
transitioning that to another developer.
Take a step outside the echo chamber - gain some perspective and context.
Welcome to Cybersecurity: An immature industry where we mandate impossible-to-remember complex passwords that change every 30 days - and call that security. It's an industry where everyone is an expert, but no one's actually solved anything... weird, right?
This show is focused on the many aspects of cybersecurity - from professional to leadership, technical to abstract. We look to entertain you while filling your brain with expertise and knowledge from all corners of our industry and beyond. You can expect security experts, policy professionals, and people from outside our own "security bubble" because frankly, our echo chamber needs some perspective.
Join us, subscribe, and share in the conversation.
Follow us on Twitter: @DtSR_Podcast
Check out Rafal's @Medium blog at https://medium.com/@BlogWh1t3Rabbit