The State of Penetration Testing – PSW #631

Penetration testing has evolved quite a bit in the past year. As defenses shift, and in some cases get much better, attack techniques and landscapes have changed as well.

– What has changed in the past year with regards to penetration testing?
– What is adversary simulation? What are the benefits? Is the offering and consumption of this service an indication that organizations are getting better at building effective security programs?
– How has the increased popularity of breach and attack simulation tools impacted penetration testing?
– Has the MITRE attack framework impacted penetration testing? If so, how?
– Many advanced penetration testers seem to be keeping their tools private as to avoid detection by endpoint security products. Is this happening, and if so what is the impact? Should we share more? Less?
– With so many tools available today for penetration testing, what can blue teams and internal red teams do to prep for an external penetration test?

Visit for all the latest episodes!

Full Episode Show Notes

To learn more about our sponsors visit: The Security Weekly Sponsor’s Page

The State of Penetration Testing


Jason Albuquerque
Jason Albuquerque – CIO & CSO
Jeff Man
Jeff Man – Sr. InfoSec Consultant
Joff Thyer
Joff Thyer – Security Analyst
Larry Pesce
Larry Pesce – Senior Managing Consultant and Director of Research
Patrick Laverty
Patrick Laverty – Security Consultant
Paul Asadoorian
Paul Asadoorian – Founder & CTO
Tyler Robinson
Tyler Robinson – Managing Director of Network Operations


Christopher Hadnagy
Christopher Hadnagy – Chief Human Hacker
David Kennedy
David Kennedy – Co-Founder/CTO
Ed Skoudis
Ed Skoudis – Faculty Fellow
Joe Gray
Joe Gray – Senior OSINT Specialist
Tom Liston
Tom Liston – Lead Instructor
Ira Winkler
Ira Winkler – Lead Security Principal