Back To Schedule
Saturday, March 28 • 4:00pm - 4:30pm
What to expect when you are expecting a pen test

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.
Pen Tests. We all do them. The regulators require them. The board wants to see them. They are taking more time, more resources, and more effort. So how do we move from just ticking a box and saving a report, to a test that creates value and moves the needle on security and your security program as a whole? This talk starts from the basic premise that you are doing a test, and walks through from inception, planning, execution, followup and remediation to lay out the pitfalls and traps that are waiting, and how to avoid them. 

Additional content for reviewers (omit from abstract online and in print) 

This talk has been given to FS-ISAC conferences and has been well received. In the talk I go through what pen testing is, what pen testing is not, how to get a good pen test, what to put in contracts, rules of engagement, how to work with pen testers, and how to manage results from a pen test to get successful remediation.



Tony Drake

Tony Drake has nearly 25 years of experience in systems administration and security in environments ranging from Fortune 500 manufacturing to financial services.

Saturday March 28, 2020 4:00pm - 4:30pm EDT
'Detect' track 3333 Busbee Dr NW, Kennesaw, GA 30144, USA