Security and Compliance Weekly Episode #56 – December 15, 2020

Subscribe to all of our shows and mailing list by visiting: https://securityweekly.com/subscribe

1. Pen Testing, Part 1 w/ Dmitry Zagadsky – 12:00 PM-12:30 PM

Announcements

  • We have officially wrapped up all of the recordings for our 2020 webcasts & technical trainings! Stay tuned as we build out our schedule for next year! Visit https://securityweekly.com/ondemand to view all of our 2020 webcasts & trainings!

Description

The penetration testing mythology as it applies to information security is all screwed up. If nothing else, we’re going to attempt to define a penetration test, focus on the goals, and what should be in a report. You better believe there is going to be an overarching “PCI” context to this discussion.

Dmitry’s BSides Boston talk, “Don’t End Up With a Pencil: Tips for Shopping Pen Tests” – https://youtu.be/Wr4UxdUa2aI

Jeff’s talk, “Do We Still Need Pen Testing?” from CircleCityCon 2015 – https://youtu.be/R13Bo8l9M5M

NIST SP800-115, “Technical Guide to Information Security Testing and Assessment” – https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-115.pdf

The Penetration Testing Execution Standard (PTES) – http://www.pentest-standard.org/index.php/Main_Page

PCI Security Standards Council’s Penetration Testing Guidance – https://www.pcisecuritystandards.org/documents/Penetration-Testing-Guidance-v1_1.pdf?agreement=true

Guest(s)

Dmitry Zagadsky – AVP IT Security at Financial Institution in RI

Dmitry is currently in charge of security operations at a Financial Institution in RI. After getting started at an early age, he has spent the past 20 years in IT and security operations at various organizations focusing on elegant systems designs and a positive user experience. He holds a CISSP and a never-ending desire for knowledge.

Hosts

Jeff Man – Sr. InfoSec Consultant at Online Business Systems

Josh Marpet – COO at Red Lion

Liam Downward – CEO at CYRISMA

Scott Lyons – CEO at Red Lion

2. Pen Testing, Part 2 w/ Dmitry Zagadsky – 12:30 PM-01:00 PM

Announcements

  • Do you always end up missing our live streams? Need somewhere to flag Security Weekly podcasts that you want to listen to? Subscribe on your favorite podcast catcher or our Youtube channel, sign up for our mailing list, and join our Discord Server to stay in the loop on all things Security Weekly! Visit: https://securityweekly.com/subscribe

  • Do you have a specific guest or topic that you want us to cover on one of the shows? Submit your suggestions for guests by visiting https://securityweekly.com/guests and completing the form! We review suggestions monthly and will reach out to you once reviewed!

Description

We’ll continue our discussion of penetration testing. In this segment, we’ll talk about the right reasons to have a penetration test performed, the impact (for better or worse) of the PCI requirement for annual penetration testing, and how to get the most out of your penetration testing results.

Penetration Testing Roundtable, PSW #500 – https://youtu.be/h6cMojWO8qs

The State of Penetration Testing Panel, PSW #677 – https://youtu.be/mYzZoUXz7a4

Guest(s)

Dmitry Zagadsky – AVP IT Security at Financial Institution in RI

Hosts

Jeff Man – Sr. InfoSec Consultant at Online Business Systems

Josh Marpet – COO at Red Lion

Liam Downward – CEO at CYRISMA

Scott Lyons – CEO at Red Lion