Access to this course is restricted to Pentest Premium or IT Pack Premium subscribers.
During this course you will learn the major aspects of the penetration testing process that provide the most value to a security technician's organization and improve its overall security posture. Much more goes on behind the scenes after the pentest report is delivered to the various elements of the information security team, including the CISO. It is important that the pentest is conducted, and its report formatted, in a manner that lets senior leadership make business decisions based on its results.
You will learn:
- Steps, tips and different ways to describe your work efficiently,
- How to create a good presentation: what it should contain and what to avoid,
- How the PenTest results will be used to reduce risk to the organization,
- How to convert Technical Speak into Business Talk.
This course is self-paced and pre-recorded.
After completing this course you will be able to:
- Understand how to set expectations for the CISO before conducting a PenTest.
- Understand how to communicate PenTest results to the CISO and senior leadership.
- Understand how to present recommended remediation actions to the CISO and senior leadership.
- Understand how the PenTest results will be used to reduce risk to the organization.
You will need:
- Anyone who wants to gain a better understanding from a CISO perspective can join this course.
- There are no technical requirements needed for this course.
- Any operating system that can support Microsoft Windows and PowerPoint will suffice.
Before you join you should know:
- The student should have an in-depth knowledge of pentest fundamentals.
- This course is designed for security technicians who either conduct pentests or coordinate pentests on behalf of their organization.
- It is assumed the student has extensive knowledge and experience in conducting pentests and developing pentest reports.
Module 1: Expectations
Module 1 Description: Setting expectations for the CISO before conducting a PenTest
Module 1 Covered Topics:
- PenTest Value to the Organization
- Business Objectives
- Business Challenges
- Understanding the Scope of the PenTest
- Legal Restrictions
- Defining the Goals and Success of a PenTest
- Attack Targets
- Characteristics of a PenTest that Constitute Success
Module 2: Recommendations
Module 2 Description: Presenting recommended remediation actions to the CISO and senior leadership
Module 2 Covered Topics:
- Converting PenTest Report Vulnerability recommendations into Risk Mitigation recommendations
Module 3: Reducing Risk
Module 3 Description: Understanding how the PenTest results will be used to reduce risk to the organization
Module 3 Covered Topics:
- Implementing mitigating security controls
- Measuring effectiveness of security controls
- Defining metrics
- Preparing to do it all over again
Module 4: Communicating
Module 4 Description: Communicating PenTest results to the CISO and senior leadership
Module 4 Covered Topics:
- Typical PenTest Report
- Converting Vulnerabilities to Risk
- Who Conducts the Risk Analysis
- Security Risk Models
- Associating Risk to Business Objectives
- Prioritizing Risks
- Converting Technical Speak into Business Talk
Your Instructor: Tony Buenger (CISSP, CISM, CGEIT, C|CISO)
Over the past 25+ years, Tony Buenger has had the opportunity to work at progressively more complex organizational levels, with increasing responsibilities in the information technology (IT), enterprise architecture, and cyber security fields. He has fulfilled the roles of information security architect, information security engineer, information security risk analyst, information security auditor, information security consultant, and Chief Information Security Officer (CISO).
Tony is currently a CISO for a major hospital system in the United States. He previously worked as a senior information security analyst and certifying authority for U.S. Air Force information technology systems.