Professional penetration testing is about helping the client better understand and secure their network and systems. We are not there to make them secure their network - that is a business decision that the client's management needs to make for themselves. Because we are simply an audit tool in the eyes of our client's management team, it can be frustrating to see our remediation suggestions ignored; but that is how business works.
I would also like to explain that penetration testing is a lot of work, and involves a lot of research and learning. Keeping up with security trends, reading about the latest exploits, setting up a lab and recreating exploits, and documenting findings can be taxing on a person's time, especially if one wants to maintain their skills and be an asset to the team.
How long did it take you to write Professional Penetration Testing: Creating and Operating a Formal Hacking Lab? What was the writing process like?
The book took about a year from inception to print; however the training videos on the accompanying DVD had already been developed as part of the online classes at Heorot.net. The book was originally intended to support the training on the DVD, but it took on a life of its own. I ended up writing the book more as a college textbook, that would take the reader from conception to conclusion of a professional penetration test. The impetus behind writing the book in this manner was that I needed a solid textbook to use in my own college classroom at Colorado Technical University, where I teach students how to conduct a professional penetration test. As a result, the book and DVD can be used independently from each other, or together to provide a deep understanding of penetration testing and methodologies.
What new things did you learn while writing the book? How did the technical reviewers help shape the material?
Jan Kanclirz, my technical editor, was extremely helpful in strengthening different aspects of the book. It is a great benefit to have multiple inputs into any project, especially a book. Everyone tends to get myopic when working on a specific task, which is why I promote a more agile approach to projects, not just writing books.
What are your future plans? Any new books in the works?
I am a big believer in giving back to the hacker community, and plan on writing more, offering more security training classes, and expanding my current open source projects. I feel that hacking in general, and penetration testing specifically, are worthwhile causes that need more positive media attention. We'll see what comes of that in the near future.