Thursday – March 19, 2020 – Now Virtual

Pen Testing Workshops with RedLegg is a regional event series for cybersecurity professionals looking to build and expand their security strategies to grow and better protect their businesses.

Join RedLegg’s Pen Testing team for discussions around threat modeling, how to maximize your pen test and its deliverables, and ways you can expose blind spots in your security infrastructure. This workshop will cover how to go about pen testing with the right test, in the right way, and at the right time. Understand the pen testing ecosystem and what pen testing can do for your security.



If you're beginning to think about pen testing, workshop topics will cover the breadth of pen testing, elevating your sense of how your people, processes, and technology work together as well as how testing helps you see the bigger picture of your cybersecurity efforts.



Bring your laptops and reporting. Learn how to leverage your results for maximum impact. Think about your pen testing goals and the strategy you can build to get your team to the finish line. Whether you test with a third-party or complete self-testing, build a program that works for your unique team.



RedLegg's leader of expert pen testers will be onsite leading sessions, guiding groups in the break out session, and performing deep dives. Come ready with the hardest roadblocks and questions you have.



If you've been around the block with pen testing, this workshop will help you better understand how to build a relationship with your vendor, how to read and apply your results for remediation, and how to see your cybersecurity from the attacker's perspective.


11:30 am - 12:00 pm - Registration Open

  • Sign in and grab some RedLegg swag! Meet some of your neighbors before we get started.

12:00 pm - 1:00 pm - Kick-off & Lunch

  • We’ll also serve lunch to fuel you up for a content heavy afternoon.

1:00 pm - 4:00 pm - Sessions

  • What Pen Testing Is(n’t) – Many companies who buy a pen test don’t have a testing goal. Learn the differences between Vulnerability Assessment and Pen Testing, and reflect on your own company’s cybersecurity and coverage needs to have an accurate view of the state of your security posture.
  • Pen Testing Basics – While pen testing has many heads, basic commonalities exist across the testing disciplines. From discovering targets to threat modeling, we’ll walk you through the mind of an expert pen tester and what you can expect to happen when testing your own company’s cybersecurity.
  • Getting The Most Out of Your Testing – Building a comprehensive security program is a marathon, not a sprint. Pen test reports can be overwhelming, not just because of the amount of data but also the sense of responsibility. Learn how to effectively, and calmly, leverage your test results and maximize your deliverable to build a better security program.
  • Scoping Pitfalls – Proper scoping requires a proper mindset. Learn what to look for while scoping, how to prepare for a scope with a third party tester, what kind of reporting is available, and how to avoid that scope creep.
  • Threat Modeling – RedLegg has encountered many challenges in conducting pen tests and we have some examples to share about network systems, web apps, physical, and social pen testing. Learn those challenges, solutions, and common defenses your company can use to improve your security posture, and also learn how attackers may get around those defenses.
  • Network Pen Testing: Deep Dive – Unlike most of us, pen testing has many heads. Get an overview of the pen testing world and the different areas of testing available to better your security posture and to help you discover security gaps that may be putting your company at risk.
  • Careful With That Axe, Eugene – Self-testing should be part of a standard cybersecurity operations, but it’s not the only testing a security team should conduct. Uncover the potential gotchas of self-testing and what can bring more weight to your pen tests.

4:00 pm - 4:30 pm - Workshop Wrap-Up

  • Say it isn't so! We'll close out the day with some final thoughts, but if you want to stick around, we're happy to help answer any questions.

4:30 pm - 6:30 pm - Happy Hour (Optional)

  • Join the RedLegg team to unwind and close the day out!


Phil Grimes, Director of TradeCraft Labs, uses his extensive knowledge of the digital world (and how to break it) to deliver comprehensive security assessments and penetration services. With hands-on experience dismantling systems and identifying weaknesses in application, physical, digital and mobile security, Phil is a valuable ally for domestic and global organizations. A sought after speaker, Phil has shared his expertise with OWASP and ISSA as well as at several security and technology conferences.


(No longer meeting at TechNexus.)