- This event has passed.
Rethinking Penetration Testing – Mike Saunders
October 20, 2023 @ 10:00 am – 10:50 am MDT
I believe current model for traditional penetration testing is broken. The typical scan and exploit model doesn’t reflect how real attackers operate after establishing a foothold. Many organizations aren’t mature enough to need or benefit from a proper red team assessment. Organizations are often unsure how to approach a Purple Team.
In this talk, I’ll discuss some of the differences between red teaming, assumed breach testing, and purple teams, highlight the strengths and shortcomings of each, provide guidance to help organizations understand which test is right for them, and provide questions they should be asking themselves and their consultants during the initial contact and scoping phases.
Mike Saunders, Red Siege principal consultant, has worked in the ISP, financial, insurance, and agribusiness industries. He has held a variety of roles in his career including system and network administration, development, and security architect and has been performing penetration tests for over a decade. Mike is an experienced speaker, speaking at conferences such as DerbyCon, WWHF, Circle City Con, regional BSides, SANS Enterprise Summit, the NDSU Cyber Security Conference, and SANS and Red Siege webcasts.