
During this course you will learn the major aspects of the penetration testing process that provide the most value to a security technician’s organization in improving its overall security posture. Much more goes on behind the scenes after the pentest report is delivered to various elements of the information security team, including the CISO. It’s important that the pentest is conducted, and its report formatted, in a manner that lets senior leadership make business decisions based on the results.

You will learn:

  • Steps, tips and different ways to describe your work efficiently

  • How to create a good presentation: what it should contain and what to avoid

  • How the PenTest results will be used to reduce risk to the organization

  • How to convert Technical Speak into Business Talk

18 CPE CREDITS
THE COURSE IS SELF-PACED

LAUNCH DATE: JANUARY 17TH


After completing this course you will be able to:

  • Understand how to set expectations for the CISO before conducting a PenTest.
  • Understand how to communicate PenTest results to the CISO and senior leadership.
  • Understand how to present recommended remediation actions to the CISO and senior leadership.
  • Understand how the PenTest results will be used to reduce risk to the organization.

You will need:

  • Anyone who wants to gain a better understanding from a CISO perspective can join this course.
  • There are no technical requirements needed for this course.
  • Any operating system that can support Microsoft Windows and PowerPoint will suffice.

Before you join you should know:

  • The student should have an in-depth knowledge of pentest fundamentals.
  • This course is designed for security technicians who either conduct pentests or coordinate pentests on behalf of their organization.
  • It is assumed the student has extensive knowledge and experience in conducting pentests and developing pentest reports.


Course Syllabus:


Module 1:  Expectations

Module 1 Description: Setting expectations for the CISO before conducting a PenTest

Module 1 Covered Topics:

  • PenTest Value to the Organization

    • Business Objectives

    • Business Challenges

    • Expectations

  • Understanding the Scope of the PenTest

    • Legal Restrictions

    • Ethics

  • Defining the Goals and Success of a PenTest

    • Threats

    • Attack Targets

    • Characteristics of a PenTest that Constitutes Success


Module 2:  Recommendations

Module 2 Description: Presenting recommended remediation actions to the CISO and senior leadership

Module 2 Covered Topics:

  • Converting PenTest Report Vulnerability recommendations into Risk Mitigation recommendations


Module 3: Reducing Risk

Module 3 Description: Understanding how the PenTest results will be used to reduce risk to the organization

Module 3 Covered Topics:

  • Implementing mitigating security controls

  • Measuring effectiveness of security controls

  • Defining metrics

  • Preparing to do it all over again


Module 4: Communicating

Module 4 Description: Communicating PenTest results to the CISO and senior leadership

Module 4 Covered Topics:

  • Typical PenTest Report

    • Formats

    • Contents

  • Converting Vulnerabilities to Risk

    • Who Conducts the Risk Analysis

    • Security Risk Models

  • Associating Risk to Business Objectives

    • Prioritizing Risks

    • Converting Technical Speak into Business Talk 


Your Instructor: Tony Buenger (CISSP, CISM, CGEIT, C|CISO)

Over the past 25+ years, Tony Buenger has had the opportunity to work at progressively complex organizational levels, with increasing responsibilities involving the information technology (IT), enterprise architecture, and cyber security fields. He has fulfilled the roles of information security architect, information security engineer, information security risk analyst, information security auditor, information security consultant, and Chief Information Security Officer (CISO).

Tony is currently a CISO for a major hospital system in the United States. He previously worked as a senior information security analyst and certifying authority for U.S. Air Force information technology systems.

More information can be found at www.vigilantraven.com and www.linkedin.com/in/tonybuenger

TAKE THIS COURSE
  • $189.00
  • UNLIMITED ACCESS
  • Course Certificate
599 STUDENTS ENROLLED
© HAKIN9 MEDIA SP. Z O.O. SP. K. 2013