Penetration Testing – But Why?

I once again tried my sketchnoting skills. In blue are findings from the paper, red are my own remarks.

I am a penetration tester – a legal, ethical hacker. But I am more comfortable with calling myself a security tester or a security analyst, or a SecDevOps professional.

The most common distinction between vulnerability assessment and penetration testing is that the former is automated and the latter manual. However, that’s an over-simplification. According to this excellent research paper (“Does penetration testing need standardisation?”, Knowles, Baron, McGarr, 2015), the delivery of penetration testing services is of varying type and quality. Communicating and fixing the findings, specifically, often fall short. And truly – isn’t fixing the issues the whole point?


Sketchnoting – getting out of the comfort zone

At the beginning of this week I had the opportunity to attend and speak at Testing Cup in Poland! For the third time I did my talk about the GDPR and the 100-year-old boat accident that almost killed my great-grandfather, and it’s really interesting how I get all these different kinds of questions with different audiences.