Abstract

You don’t have $85,000 laying around to bring in an external pentest vendor. Even if you did, you’re afraid your program is so full of holes you will be overwhelmed by the findings. Even worse, if they do a bad job and fail to get in, it will reinforce the organization’s false sense of security. What are your options; do nothing, continue worrying about the specter looming in the darkness? No, you pull together a rag tag group of spunky upstarts and get the job done yourself. No budget, no problem. In this talk, we’ll cover options that can fit into your standard operations, without having to beg for budget. Even if you are privileged with a strong budget, scheduled external pentests, and ongoing security operations, you can pick up some tips on how to integrate self-tests to validate the controls you implemented in your remediation process.