Pen Testing, Part 1 w/ Dmitry Zagadsky – SCW #56

The penetration testing mythology as it applies to information security is all screwed up. If nothing else, we’re going to attempt to define a penetration test, focus on the goals, and what should be in a report. You better believe there is going to be an overarching “PCI” context to this discussion.

Full Episode Show Notes

Pen Testing, Part 1 w/ Dmitry Zagadsky

Dmitry’s BSides Boston talk, “Don’t End Up With a Pencil: Tips for Shopping Pen Tests”

Jeff’s talk, “Do We Still Need Pen Testing?” from CircleCityCon 2015

NIST SP800-115, “Technical Guide to Information Security Testing and Assessment”

The Penetration Testing Execution Standard (PTES)

PCI Security Standards Council’s Penetration Testing Guidance


Jeff Man – Sr. InfoSec Consultant
Josh Marpet – COO
Liam Downward – CEO
Scott Lyons – CEO


Dmitry Zagadsky – AVP IT Security